corporate-tax-form-fill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to load and parse a blank fillable PDF from a public source (e.g., "Blank fillable PDF from IRS (e.g., f1120.pdf from irs.gov/pub/irs-pdf/)" and Step 1/Step 2 show extracting widget fields and page text to map labels), so it ingests third-party web-hosted PDF content which the agent must interpret and which can directly change fill/mapping behavior.