markitdown-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required setup (SKILL.md step 1 and scripts/setup.sh) runs "pip install markitdown-mcp" and registers that installed MCP server in ~/.claude/settings.json, meaning an untrusted third-party package from the public Python ecosystem will be run and its MCP responses consumed by Claude Code, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup runs "pip install markitdown-mcp" which fetches and installs code from PyPI (e.g. https://pypi.org/project/markitdown-mcp) at runtime; that installed MCP binary is then registered and relied on to run/handle agent requests, meaning remote code is fetched and can execute and influence agent behavior.