pdfmd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill consumes arbitrary user-provided or externally sourced PDF files (via "user uploads" or referenced PDF file paths) and extracts their text for the agent to read and convert, so untrusted third‑party content can be ingested and indirectly inject instructions.