glmocr-table

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill accepts arbitrary public URLs as input (see "Extract from URL" in SKILL.md and the CLI's --file-url handling in scripts/glm_ocr_cli.py), fetches and OCRs untrusted user-provided images/PDFs, and returns the extracted text as part of its workflow, so third-party content could carry instructions that influence downstream decisions or actions.