arxiv-paper-processor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and download papers and LaTeX sources from open/public arXiv URLs (e.g., "wget https://arxiv.org/e-print/2301.07041" and the "Fetch metadata via Atom feed" section), which are untrusted, user-generated third‑party content that the skill requires the agent to read and parse and whose extracted content is used to drive downstream analyses—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running a remote Docker image ("grobid/grobid:0.8.0") at runtime (docker run ...), which will pull and execute code from Docker Hub and is presented as a required dependency for PDF extraction.