ocr-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The service's /ocr API accepts arbitrary base64-encoded images from external clients and OCRService.base64_to_image -> recognize decodes and extracts text from those user-provided images, so it ingests untrusted, user-generated content that the agent would read and interpret.