pdf-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests PDFs from the open web (e.g., convert_to_markdown(uri="https://...") and resolving PMIDs via get_article_fulltext_links to retrieve public full-text PDFs), which are untrusted third-party sources and will be read/interpreted by the agent.