markdown-fetcher
Fail
Audited by Snyk on Feb 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill instructs the model to embed user-supplied URLs verbatim into WebFetch calls via the https://markdown.new/ proxy, so any token or secret carried in a query string or path is forwarded to the proxy and repeated in the tool call. Although the skill asks the model to block token-containing URLs, it neither enforces redaction nor avoids outputting the raw URL, so such secrets can still be emitted.
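The check this finding asks for, as an added example (not the markdown-fetcher skill's own code and not Snyk's): screen a user-supplied URL for embedded credentials before it is appended to the markdown.new proxy prefix, refuse the fetch when anything is found, and hand back only a redacted form that is safe to echo to the user or a log. The sensitive parameter names, the JWT and GitHub-style token patterns, and the sample URLs are assumptions constructed for illustration; only the https://markdown.new/ prefix and the verbatim-append behaviour come from the audit.

```python
# Added example (not the skill's or Snyk's code): block-by-default credential
# screening of a URL before it becomes a markdown.new proxy URL for WebFetch.
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# From the audit: the skill appends the target URL verbatim to this prefix.
PROXY_PREFIX = "https://markdown.new/"
ALLOWED_SCHEMES = {"http", "https"}

# Assumed: query/fragment parameter names that commonly carry secrets.
SENSITIVE_PARAMS = {
    "token", "access_token", "id_token", "refresh_token", "api_key", "apikey",
    "key", "secret", "client_secret", "password", "passwd", "pwd", "auth",
    "authorization", "sig", "signature", "x-amz-signature", "x-amz-credential",
}

# Assumed: bare secrets that may sit anywhere in a path or parameter value
# (a JWT is three base64url segments; GitHub tokens carry fixed prefixes).
SECRET_PATTERNS = [
    re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
    re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b"),
]


def _looks_secret(text: str) -> bool:
    return any(p.search(text) for p in SECRET_PATTERNS)


def _scrub_pairs(pairs_text: str) -> tuple[str, list[str]]:
    """Redact sensitive or secret-looking values in a 'k=v&k2=v2' string
    (a query string, or an OAuth implicit-grant style fragment)."""
    findings: list[str] = []
    items = []
    for name, value in parse_qsl(pairs_text, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS or _looks_secret(value):
            findings.append(f"credential in parameter '{name}'")
            value = "REDACTED"
        items.append((name, value))
    return urlencode(items), findings


def redact_url(url: str) -> tuple[str, list[str]]:
    """Return (redacted_url, findings). The redacted form carries none of the
    input's userinfo, sensitive parameter values or secret-like path segments."""
    parts = urlsplit(url)
    findings: list[str] = []

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append(f"unsupported scheme '{parts.scheme}'")

    netloc = parts.netloc
    if "@" in netloc:  # https://user:password@host/... carries credentials
        findings.append("userinfo in authority")
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]

    path = parts.path
    if _looks_secret(path):
        findings.append("secret-like token in path")
        for pattern in SECRET_PATTERNS:
            path = pattern.sub("REDACTED", path)

    query = parts.query
    if query:
        query, q_findings = _scrub_pairs(query)
        findings += q_findings

    fragment = parts.fragment
    if "=" in fragment:  # e.g. #access_token=... left behind by an OAuth redirect
        fragment, f_findings = _scrub_pairs(fragment)
        findings += f_findings

    return urlunsplit((parts.scheme, netloc, path, query, fragment)), findings


@dataclass
class Decision:
    allowed: bool
    display_url: str          # safe to show to the user or write to a log
    proxy_url: str | None     # set only when the fetch may proceed
    findings: list[str] = field(default_factory=list)


def screen_url(url: str) -> Decision:
    """Any finding refuses the fetch and exposes only the redacted URL; a clean
    URL is proxied through markdown.new verbatim, as the skill's workflow does."""
    redacted, findings = redact_url(url)
    if findings:
        return Decision(False, redacted, None, findings)
    return Decision(True, url, PROXY_PREFIX + url)


if __name__ == "__main__":
    # Constructed sample inputs (not real endpoints or tokens).
    for sample in [
        "https://blog.example.com/post-123",
        "https://api.example.com/v1/export?format=json&access_token=ya29.SECRET",
        "https://user:hunter2@intranet.example.com/doc",
    ]:
        d = screen_url(sample)
        print("FETCH" if d.allowed else "BLOCK", d.proxy_url or d.display_url, d.findings)
```

The policy is deliberately block-by-default: a redacted token would make the fetch fail anyway, so the only useful outputs are "fetch this clean URL" or "refuse, and here is a form you may repeat". Expect false positives from generic names such as `key`; in an agent skill that is the safer side to err on, since the cost is one declined fetch rather than a secret handed to a third-party proxy.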
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly constructs markdown.new proxy URLs for user-supplied URLs and calls WebFetch to read and summarize those pages (see Workflow steps 2–3 and Examples such as WebFetch(url: "https://markdown.new/https://blog.example.com/post-123", prompt: ...)), so it ingests arbitrary public third-party content; instructions embedded in that content can directly influence agent behavior (indirect prompt injection).
Audit Metadata