website2markdown

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains explicit curl examples and guidance to include an Authorization: Bearer <API_TOKEN> header (or ?token= query) so an agent would be expected to embed secret token values verbatim into generated commands/requests, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and convert arbitrary public URLs via https://md.genedai.me (see SKILL.md, README.md and references/platform-adapters.md examples for Twitter/X, Reddit, WeChat, etc.), causing the agent to ingest untrusted, user-generated web content that can directly influence extraction, crawling, and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs agents to fetch and inject remote page content at runtime from the API endpoint https://md.genedai.me (e.g., via curl "https://md.genedai.me/...?raw=true"), which the agent relies on and which can directly control model context/behavior (prompt injection risk), so this URL is a high-confidence runtime dependency that can control prompts.