pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and processes arbitrary user-supplied PDFs and derived images that the agent is explicitly expected to read and interpret (e.g., text/table extraction with pdfplumber/pypdf, convert_pdf_to_images.py + forms.md which instructs Claude to visually inspect page PNGs and produce fields.json), which exposes it to untrusted third‑party content that could carry indirect prompt injections.