baoyu-url-to-markdown
Warn
Audited by Snyk on Apr 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly fetches arbitrary/public URLs via the baoyu-fetch CLI (see "Fetches any URL" and references/adapters.md's genericadapter) and instructs the agent to read the returned markdown/JSON (quality-gate.md and Output Format) and change behavior (e.g., switch to --wait-for interaction, re-run the CLI, prompt to download media) based on that untrusted third-party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the baoyu-fetch npm package (e.g. https://registry.npmjs.org/baoyu-fetch or https://www.npmjs.com/package/baoyu-fetch) during setup/runtime (bun install → scripts/node_modules/.bin/baoyu-fetch), which fetches remote package code and executes it as the CLI — a runtime external dependency that runs remote-provided code.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).