pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary PDF content supplied at runtime — e.g., SKILL.md mandates extracting text/tables and OCRing scanned PDFs via a vision LLM and the repository contains scripts that parse PDF content (extract_form_structure.py, convert_pdf_to_images.py, fill_pdf_form_with_annotations.py, and the OCR python_repl guidance) — so untrusted, user/third‑party PDF content is read and can directly influence tool actions (form-filling, annotations, further LLM calls).