pdfkit

Warn

Audited by Snyk on Mar 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill includes code that loads and processes PDFs from arbitrary URLs (e.g., PDFDocument(url: url) and the DocumentScreen usage), extracts and acts on their contents (document.string, findString, fill form fields), and performs embedded actions/links (pdfViewWillClick opening URLs, goToOutlineEntry calling pdfView.perform(action)), which means untrusted third‑party PDF content could influence behavior and trigger actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 08:13 PM
Issues: 1