pdf-form-filler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls Anthropic/Claude Vision in SKILL.md and in scripts (get_fields_from_vision in scripts/fill_pdf.py and discover_fields / verify_and_correct / call_claude in scripts/fill_pdf_vlm.py) and parses the model's JSON/image-based responses at runtime to determine field labels, coordinates, and corrections that directly drive PDF-filling actions, so untrusted third‑party model output can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill uses the Anthropic API at runtime via the anthropic client (e.g., https://api.anthropic.com) to obtain JSON responses from Claude Vision that directly determine field coordinates and control where text is placed in the PDF, and the ANTHROPIC_API_KEY is required.