arxiv-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly directs the agent to query the public arXiv API (e.g. GET http://export.arxiv.org/api/query and the search_arxiv tool) to retrieve paper titles/abstracts from the open arXiv repository, which are untrusted third‑party submissions the agent is expected to read and that can influence its actions.