paper-notion-summarizer

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill is classified as suspicious due to significant vulnerabilities in `scripts/extract_paper.py`. This script fetches content from URLs derived from user input (via `query`, `doi`, `arxiv-id` arguments), creating a potential Server-Side Request Forgery (SSRF) vulnerability. Additionally, the `--output` argument allows writing to an arbitrary file path, posing an arbitrary file write vulnerability. These flaws could be exploited if the agent's inputs are manipulated through prompt injection, potentially leading to unauthorized data access or system compromise, despite the script's intended benign purpose of fetching paper content.