markitdown

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed API keys and endpoints directly into code (e.g., api_key="your-openrouter-api-key" and docintel_endpoint="<document_intelligence_endpoint>"), which encourages the agent to accept and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes open/public third-party content (e.g., YouTube URLs and web pages) — see SKILL.md/references/file_formats.md and scripts/convert_with_ai.py showing md.convert("https://www.youtube.com/...") and HTML conversion — so untrusted, user-generated content is ingested and interpreted as part of the conversion workflow and can therefore influence downstream actions.