baoyu-url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and renders arbitrary URLs (SKILL.md "Fetch any URL" and scripts/main.ts → captureUrl which launches Chrome with the provided args.url and then evaluates absolutizeUrlsScript to capture the page HTML), then parses that untrusted, public webpage HTML in scripts/html-to-markdown.ts to drive conversion logic and fallback decisions, so third‑party page content is ingested and can influence tool behavior.