book-mirror

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests user-supplied EPUB/PDF content (see "1. Acquiring the book" and "2. Text extraction" — chapters written to $WORK/chapters/*.txt) and feeds each chapter into per‑chapter subagents that read and interpret that text as part of the required analysis, so untrusted third‑party book content can materially influence the agent's outputs and enable indirect prompt injection.