pdf-to-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Step 2 requires the agent to "Read" and describe images extracted from arbitrary PDFs, and scripts/ocr_extract.py (process_cloud and _download_images) fetches files/images via a user-supplied PaddleOCR cloud API URL (and downloads returned image URLs), so untrusted third‑party content is ingested and directly drives tool use and follow-up actions.