aa-book

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's pipeline explicitly downloads content from Anna's Archive ("Pipeline steps: 1. Download from Anna's Archive") and converts/ingests those external books into pdf-brain, meaning arbitrary public third‑party content could be read and influence the agent's knowledge and actions.