epub

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly ingests and parses arbitrary uploaded EPUB files (e.g., copying /mnt/user-data/uploads/book.epub, unzipping it, and reading nav.xhtml, *.xhtml, and *.opf with cat/BeautifulSoup). Untrusted user-generated HTML/XML content from those EPUBs is therefore read and used to determine structure and text, which allows indirect instruction injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 03:27 AM