paddleocr-ui-test
Warn
Audited by Snyk on Apr 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's main runtime (scripts/ui_test.py) navigates to an arbitrary --url with Playwright, extracts the page DOM via page.evaluate(A11Y_TREE_SCRIPT) and screenshots, and sends that screenshot to a third‑party PaddleOCR/SiliconFlow API (references/ocr-api.md); those untrusted public webpage contents and OCR results are parsed and directly drive test decisions and reports, so third‑party content can materially influence the agent's behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata