pdf-text-extractor
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's run.py and SKILL.md explicitly resolve pdf_url entries from papers/core_set.csv (or derive from arxiv_id/URL) and call _download_pdf (using urllib.request.urlopen) to fetch public PDFs and then extract/read their text as evidence, meaning untrusted third‑party content from arbitrary URLs is ingested and can materially influence downstream decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).