share

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's URL mode (fetch_page_with_surf in scripts/html_to_share.py, using surf and requests) navigates to arbitrary user-supplied http(s) URLs, captures document.documentElement.outerHTML and downloads remote images which are then parsed and processed by the MarkItDown/cleaning pipeline, so it clearly ingests untrusted public web content that could contain malicious/instructional text.