markitdown-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and converts arbitrary HTTP/HTTPS content (e.g., convert_url()/convert("https://..."), convert_uri(), MCP tool convert_to_markdown) and includes examples for YouTube transcripts, RSS feeds, and Wikipedia—all open/public, potentially user-generated sources that the agent ingests and interprets as part of its workflow, enabling indirect prompt injection.