kimi-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's HTML route and workflow explicitly load and rely on external web resources (e.g., html_to_pdf.js injects Paged.js from https://unpkg.com when local paged.polyfill.js is missing, SKILL.md and html.md require KaTeX/Mermaid or Google Fonts via CDN or web links, and the SKILL.md mandates "Search Before Writing"), and the conversion script reads and interprets DOM content (Mermaid/KaTeX status, CSS counters, overflow detection) to change processing behavior, so untrusted third‑party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime fetches that execute remote code: the LaTeX install step uses curl -fsSL https://drop-sh.fullyjustified.net | sh (downloads and runs a shell installer), and the HTML conversion falls back to loading Paged.js from https://unpkg.com/pagedjs@0.4.3/dist/paged.polyfill.js at runtime (injects and executes remote JavaScript in the rendering process), both of which are fetched during runtime and are required for operation.