markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and converts arbitrary web content (HTML/web pages) and YouTube URLs—see SKILL.md, references/file_formats.md, and scripts/convert_with_ai.py/examples—which means the agent ingests untrusted, user-provided public third‑party content and will read/interpret it as part of its workflow, enabling indirect prompt injection risk.