deep-doc-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the user to provide a PDF path or URL which is uploaded via the PageIndex MCP tool and then read/indexed for Q&A, meaning the agent ingests and interprets arbitrary third-party (user-supplied/public) documents as part of its workflow (see "用户提供 PDF 路径或 URL" and the PageIndex upload/index step).