pdf-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests arbitrary user-supplied PDFs (e.g., unpdf.extractText in the "AI-Driven Semantic Extraction" snippet and the form-processing scripts like scripts/convert_pdf_to_images.py and scripts/extract_form_field_info.py) and feeds the extracted text/images into LLM prompts (generateObject), so the agent will read and interpret untrusted, user-generated content that could carry indirect prompt injections.