arxiv-latex-source

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs downloading and parsing author-submitted LaTeX source from the public arXiv e-print endpoint (GET https://arxiv.org/e-print/{arxiv_id}) and includes runnable examples that read .tex/.bib content, meaning the agent ingests untrusted third-party content that can influence parsing and downstream actions.