deepxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 3 and Step 4) explicitly runs deepxiv/tools/deepxiv_fetch.py and deepxiv commands (e.g., "deepxiv wsearch", "deepxiv paper ... --section") to fetch open-access papers and perform web searches, and the agent is instructed to read/interpret those fetched sections/summaries and take follow-up actions (suggest next steps, escalate reads, and ingest into a research wiki in Step 6), so untrusted third-party content can materially influence behavior.