pdf-harvester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill downloads and ingests PDFs from arbitrary public URLs (see harvest_pdf_url which uses httpx.get and the arXiv example usage), so the agent will read untrusted third‑party content that could contain indirect prompt injections.