add-pdf-reader

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The URL points to a GitHub repository from an individual/unfamiliar account — GitHub is a legitimate host and the link is to source code (not a direct executable), but pulling and merging unreviewed code from an unknown repo can introduce malicious scripts or supply-chain risks, so it warrants caution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and ingests PDFs from untrusted WhatsApp attachments and arbitrary URLs (see "PDF attachment download in src/channels/whatsapp.ts" and Phase 3 "Test PDF extraction" / "Test URL fetching" in SKILL.md), so third-party content can be read and influence agent behavior.