markdown-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill automatically fetches and ingests arbitrary user-provided web pages (see SKILL.md: "This skill should trigger automatically when: User provides a URL") by posting the supplied URL in scripts/fetch.sh to the external markdown.new service, so untrusted third-party content is read and used to drive summarization/analysis and could contain indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime script makes POST requests to https://markdown.new/ to fetch and return arbitrary webpage content (based on user-provided URLs), which is then injected into the agent's output/context and therefore can directly control prompts or instructions.