ocr
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows ingesting arbitrary external documents via the --document-url flag (e.g., "casedev ocr process --document-url ..."), meaning the agent fetches and reads untrusted public URLs and will interpret their text as part of its workflow, enabling indirect prompt injection.
Audit Metadata