epub-chapter-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider-authored free text can enter the LLM context indirectly when the user supplies an arbitrary EPUB file: the script reads the EPUB’s embedded HTML/text (epub.read_epub → item.get_content().decode(...) → BeautifulSoup → html2text.handle) and then produces markdown chapter content that the agent may present to the LLM; this is outsider content from the EPUB’s author.