paddleocr-text-recognition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public URLs (SKILL.md: "User provides URL: Use the --file-url parameter" and scripts/ocr_caller.py) and passes them to the external PaddleOCR API (lib.ocr), then parses and is required to display the COMPLETE extracted text, so untrusted third‑party content from the open web is ingested and presented in a way that could contain instructions influencing agent behavior.