aliyun-docmind-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's quickstart and scripts (SKILL.md quickstart, scripts/quickstart.js) submit arbitrary public URLs via DOCMIND_FILE_URL / submitByUrl to DocMind, which ingests and returns parsed document content that the agent is expected to read and act on, enabling untrusted third-party (public web) content to influence behavior.