ocr-and-documents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires using web_extract on arbitrary document URLs (e.g., "web_extract(urls=[...])" in Step 1) and the marker script supports ingesting HTML/PDFs from external sources, so the agent will fetch and interpret untrusted public web content as part of its mandatory workflow, enabling indirect prompt injection.