markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and converts open web content such as HTML pages and YouTube URLs (see SKILL.md, references/file_formats.md, and examples like convert("https://www.youtube.com/...")), and several scripts (e.g., scripts/convert_with_ai.py) feed that untrusted, user-provided content into LLMs for interpretation and AI-enhanced descriptions—meaning third-party content is ingested and can materially influence the tool's outputs and downstream behavior.