paddleocr-text-recognition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill accepts arbitrary public URLs as input (see SKILL.md "Basic Workflow" and examples using --file-url, and scripts/ocr_caller.py / scripts/smoke_test.py which accept --file-url/--test-url), sends them to the OCR API, and the skill explicitly instructs the agent to read and display the COMPLETE recognized text — meaning untrusted, third‑party content can be ingested and can materially influence agent actions.