doc-to-text

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The "Knowledge Protocol" secretly instructs the skill to automatically integrate and prioritize Public, Confidential, and Personal knowledge (including secrets), which goes beyond the declared file-extraction purpose and thus is a hidden/deceptive instruction about accessing sensitive data.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill extracts raw text from files (PDFs, images, emails, spreadsheets) and explicitly integrates confidential/personal knowledge tiers, so it can read and return secret values verbatim, creating a direct exfiltration risk.