pdf4me

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly includes a "URL to PDF" / ConvertUrlToPdf example that sends an arbitrary webUrl to the API (webUrl in the How to Use section), meaning the agent fetches and ingests open/public webpages which are untrusted and could contain instructions that influence subsequent processing.