chatpaper-guide
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly states the tool "connects to the arXiv API" and includes CLI workflows that fetch and ingest public arXiv papers, meaning the agent reads untrusted third-party paper content (arXiv) that can influence summarization and downstream actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The installation instructs cloning and running code from https://github.com/kaixindelele/ChatPaper.git (git clone ... then python chat_paper.py), which fetches remote code that would be executed and is required for the skill.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).