markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Web Content Extraction" capability explicitly fetches and converts arbitrary web pages, YouTube transcripts via URL (e.g., convert("https://youtube.com/watch?v=VIDEO_ID")), and RSS/HTML content into Markdown, meaning the agent ingests untrusted, user-provided public web content that could carry indirect prompt injection.