ocr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scripts/ocr_url.py downloads images from arbitrary user-supplied URLs using requests.get(image_url) and then performs OCR on that untrusted, potentially user-generated content, allowing indirect prompt-injection via the extracted text.