pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly ingests and processes arbitrary user-supplied PDFs (see forms.md and scripts like scripts/convert_pdf_to_images.py, scripts/extract_form_field_info.py, scripts/fill_pdf_form_with_annotations.py and the pdfplumber/pdf2image OCR examples) and instructs the agent to extract and interpret text, tables, and form content from those untrusted documents, which could embed malicious/instructional content.