pydicom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow reads OUTSIDER-authored DICOM files from a user-supplied path via pydicom.dcmread(...) (e.g., in scripts/anonymize_dicom.py, scripts/dicom_to_image.py, and scripts/extract_metadata.py), and DICOM metadata fields are free-text strings that can contain attacker-controlled content which is then converted to readable text (printed/written) and thus fed into the agent/LLM context.