smart-ocr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly shows fetching images from arbitrary web URLs ("URLs and Bytes" section using requests.get(...) and ocr.ocr(BytesIO(response.content))) and then OCRing and parsing that untrusted, third‑party content (e.g., business card and receipt examples that extract actionable contact/payment data), so external page content can be read and materially influence downstream decisions.