zapsign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill allows ingesting arbitrary public PDFs via the "url_pdf" field (see "Create Document from PDF URL"), so it can fetch and process untrusted third-party content from arbitrary URLs which could carry indirect prompt-injection payloads.