web-to-markdown

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill drives a local browser (web2md/Puppeteer) to fetch and render arbitrary http(s) URLs provided by the user (see inputs/validation and README examples like "web2md 'https://example.com/article'"), thereby ingesting untrusted public web content (news, blogs, forums, user-provided sites) for the agent to read and convert to Markdown.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill does not ask to create users or edit system files or explicitly request sudo, but it does recommend using --no-sandbox (bypassing Chromium's sandbox) and suggests global npm installs which can involve elevated privileges, so it poses a moderate security risk.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:18 PM