document-generation-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required production workflow explicitly instructs downloading official forms from public websites ("1. DOWNLOAD official forms └─ Store in /public/forms/{state}/") and the provided scripts (form_filler.ts, document_assembler.ts and related docs) read/inspect those external PDFs and templates to determine field mappings, coordinates, and processing actions, so untrusted third-party content is ingested and directly influences tool behavior.