kimi-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The html_to_pdf.js converter runs the input HTML in Playwright (page.goto) and explicitly falls back to loading paged.polyfill.js from unpkg.com and may load KaTeX/Mermaid/web fonts or any external URLs referenced by the HTML, then evaluates and analyzes the page DOM (word counts, figures, overflow, etc.), so arbitrary public third‑party content referenced in the HTML can be fetched and interpreted by the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The html_to_pdf.js conversion script may, at runtime, fetch and inject remote JavaScript from the CDN fallback https://unpkg.com/pagedjs@0.4.3/dist/paged.polyfill.js (executed in-page for pagination), which is a runtime fetch that executes remote code the tool can rely on if the local bundle is missing.