managing-media
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill loads and renders arbitrary public or user-provided media at runtime: it embeds a public fileUrl in the Office/Google viewers (references/office-viewer.md), parses DOCX with mammoth (references/office-viewer.md), renders and searches PDFs with react-pdf (references/pdf-viewer.md), and loads images from external hosts such as picsum.photos in examples/carousel.tsx and examples/responsive-gallery.tsx. Each of these paths ingests untrusted third-party content, and any text extracted from it (DOCX body text, the PDF text layer) has to be treated as data rather than as instructions when it is handed to an agent.
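The first finding turns on a user-controlled fileUrl reaching a third-party viewer unchecked. The block below is an added example, not code from the skill or from the audit, of the pre-embed check a reviewer would ask for: it accepts only https URLs whose host is on an allowlist, rejects embedded credentials and loopback, link-local or RFC 1918 addresses, and percent-encodes the result into the viewer's query string. The host allowlist is an assumption, and the Google Docs and Office Online viewer endpoints are the commonly used public ones rather than anything taken from references/office-viewer.md.

```javascript
// Added example, not the skill's own code: gate a user-supplied fileUrl before it is
// embedded in a third-party document viewer.
const ALLOWED_FILE_HOSTS = ["files.example.com", "cdn.example.com"]; // assumed allowlist

// Assumed public viewer endpoints (commonly used; not taken from the skill's references).
const VIEWERS = {
  google: { base: "https://docs.google.com/gview", param: "url", extra: { embedded: "true" } },
  office: { base: "https://view.officeapps.live.com/op/embed.aspx", param: "src", extra: {} },
};

// RFC 1918, loopback, link-local and "this network" IPv4 literals.
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Returns { ok: true, url } for an acceptable URL, otherwise { ok: false, reason }.
function validateFileUrl(input) {
  let u;
  try {
    u = new URL(String(input)); // no base URL: a protocol-relative "//host/..." fails to parse
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (u.protocol !== "https:") return { ok: false, reason: "scheme" }; // blocks javascript:, http:, file:
  if (u.username || u.password) return { ok: false, reason: "userinfo" };
  const host = u.hostname.toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost") || host.startsWith("[") || isPrivateIPv4(host)) {
    return { ok: false, reason: "internal-host" }; // IPv6 literals ("[::1]") are rejected wholesale
  }
  if (!ALLOWED_FILE_HOSTS.includes(host)) return { ok: false, reason: "host-not-allowlisted" };
  u.hash = ""; // a fragment never reaches the viewer; drop it so the embed URL is canonical
  return { ok: true, url: u.href };
}

// Builds the iframe src for the chosen viewer, or throws if the fileUrl fails validation.
function buildViewerUrl(viewer, fileUrl) {
  const spec = VIEWERS[viewer];
  if (!spec) throw new Error(`unknown viewer: ${viewer}`);
  const v = validateFileUrl(fileUrl);
  if (!v.ok) throw new Error(`refusing to embed fileUrl (${v.reason})`);
  const params = new URLSearchParams({ [spec.param]: v.url, ...spec.extra });
  return `${spec.base}?${params}`; // URLSearchParams percent-encodes the nested URL
}
```

Parsing with the WHATWG URL class rather than string checks is deliberate: scheme and host are normalised to lower case before comparison, userinfo is exposed as separate fields, and a protocol-relative string fails outright instead of silently inheriting the page scheme.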
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The code sets pdfjs.GlobalWorkerOptions.workerSrc to a CDN URL (//cdnjs.cloudflare.com/ajax/libs/pdf.js/${pdfjs.version}/pdf.worker.min.js). The browser fetches that script at runtime and executes it as the PDF rendering worker, so whoever controls the file at that path controls the worker code the application runs; the ${pdfjs.version} interpolation also means the exact bytes fetched change with the installed pdfjs-dist version. This is a high-confidence supply-chain execution risk. A Worker constructor has no integrity attribute, so Subresource Integrity cannot pin this load; the practical controls are serving the worker file that ships with pdfjs-dist from the application's own origin and restricting worker loads with a worker-src 'self' policy.
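For the second finding, the questions a practitioner wants answered are whether the worker script can come from an origin the application does not control, and whether the page's Content-Security-Policy would stop it. The block below is an added example, not the skill's or pdf.js's code: it resolves a workerSrc value the way a browser does (a protocol-relative //cdnjs... URL inherits the page scheme), reports whether it is same-origin, and evaluates it against a policy string using the CSP3 fallback order for workers (worker-src, then child-src, script-src, default-src). The page origin, the local worker path, the pinned version in the CDN URL and the policy strings are all constructed for the example.

```javascript
// Added example, not the skill's or pdf.js's code: classify a workerSrc value and check it
// against a Content-Security-Policy the way a browser resolves worker loads.
const PAGE_ORIGIN = "https://media.example.com"; // assumed application origin

// The flagged setting (protocol-relative CDN URL; the version is fixed here for the example)
// beside the pinned alternative: the worker file shipped in pdfjs-dist, copied into the
// app's own static directory at build time (path assumed).
const CDN_WORKER_SRC = "//cdnjs.cloudflare.com/ajax/libs/pdf.js/4.0.0/pdf.worker.min.js";
const LOCAL_WORKER_SRC = "/static/pdf.worker.min.js";

// Resolve relative to the page, as the browser does; "//host/..." inherits the page scheme.
function resolveWorkerSrc(workerSrc, pageOrigin = PAGE_ORIGIN) {
  const target = new URL(workerSrc, pageOrigin);
  return { url: target.href, origin: target.origin, sameOrigin: target.origin === new URL(pageOrigin).origin };
}

// Pick the directive that governs worker loads: worker-src, else child-src, else
// script-src, else default-src (the CSP3 fallback chain). null means "unrestricted".
function effectiveWorkerDirective(csp) {
  const directives = new Map();
  for (const part of csp.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  for (const name of ["worker-src", "child-src", "script-src", "default-src"]) {
    if (directives.has(name)) return { name, sources: directives.get(name) };
  }
  return null;
}

// Match one source expression against a resolved URL. Handles 'none', 'self', '*',
// scheme sources (https:) and host sources with optional scheme, wildcard label and port;
// paths are ignored, and keyword sources such as 'unsafe-inline' never match a URL.
function sourceMatches(source, target, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return target.origin === pageOrigin;
  if (s === "*") return !["data:", "blob:", "filesystem:"].includes(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme ? target.protocol !== `${scheme}:` : !["http:", "https:"].includes(target.protocol)) return false;
  if (wildcard ? !target.hostname.endsWith(`.${host}`) : target.hostname !== host) return false;
  if (port && port !== "*") {
    const targetPort = target.port || (target.protocol === "https:" ? "443" : "80");
    if (targetPort !== port) return false;
  }
  return true;
}

// true if at least one source expression of the governing directive permits the worker URL.
function workerAllowedByCsp(workerSrc, csp, pageOrigin = PAGE_ORIGIN) {
  const directive = effectiveWorkerDirective(csp);
  if (!directive) return true;
  const target = new URL(workerSrc, pageOrigin);
  return directive.sources.some((src) => sourceMatches(src, target, new URL(pageOrigin).origin));
}
```

The check is worth running in CI against the deployed policy rather than trusting the headers by eye: a policy that names the CDN under script-src but never sets worker-src still admits the remote worker through the fallback chain. pdf.js may also load a cross-origin workerSrc through a same-origin blob: wrapper; a policy carrying both worker-src 'self' and script-src 'self' closes that route as well.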
Audit Metadata