fetch-url-as-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and extracts arbitrary public web pages (see SKILL.md "Fetch any web URL" workflow and scripts/fetch_url.py using trafilatura.fetch_response, with an Exa MCP fallback) and returns that untrusted third-party content as Markdown for the agent to read and act on, so external page instructions could influence tool use or decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary external webpages at runtime (e.g., python3 ~/.claude/skills/fetch-url-as-markdown/scripts/fetch_url.py "" and, on fallback, mcp__exa__web_search_advanced_exa(query="", ...)), returning the fetched content into the agent context — so a remote URL can directly inject instructions that the agent will see and act on.