pdf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed plaintext passwords and command-line password flags (e.g., --password=mypassword and writer.encrypt("userpassword","ownerpassword")), which encourage handling or outputting secret values verbatim and thus pose an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests and processes arbitrary, user-supplied PDF files (see forms.md and scripts like scripts/convert_pdf_to_images.py, scripts/extract_form_field_info.py and scripts/fill_pdf_form_with_annotations.py), and the agent is expected to visually read/interpret those PDFs/images to determine form fields and bounding boxes, which exposes it to untrusted third‑party content that could contain indirect prompt injections.