pdf-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly states the extension will "scan any webpage" and detect/convert linked or embedded PDFs (see "How It Will Work" and "Why PDF Downloader"), meaning the agent will ingest content from arbitrary public webpages and user-generated sites as part of its workflow and that content can influence which files the tool downloads or converts.