pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Process" route explicitly ingests and extracts content from existing user-supplied PDFs (using tools like pdfplumber/pikepdf), which are untrusted third‑party inputs the agent will read and interpret as part of its workflow, enabling indirect prompt injection.