document-granular-decompose

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill uploads user-provided local files to an external MinerU API (POST to https://thuenv.tiangong.world:7770/mineru_with_images as shown in SKILL.md and scripts/mineru_fulltext_extract.py) and ingests the API's returned text (response.txt or response.result[].text) for downstream processing, exposing the agent to untrusted third-party content.