image-parser

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill sends user-supplied images to the SoMark API (SOMARK_SYNC_URL: https://somark.tech/api/v1/extract/acc_sync) and ingests the returned JSON/markdown output, which the agent is instructed to read and use for field extraction and answers (see SKILL.md and image_parser.py). Untrusted, user-generated text parsed by this third-party service could therefore influence downstream decisions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 04:49 PM
Issues: 1