web-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and renders arbitrary http(s) webpages via the local web2md CLI (see SKILL.md "Inputs you should collect" and "Workflow" steps 2–4 and the README), so the agent ingests untrusted public web content that could contain instructions influencing subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly suggests bypassing browser sandboxing via --no-sandbox and also instructs global installs (npm link / npm install -g .) which modify the system environment, so it encourages actions that bypass security and change machine state.