markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches public web content (e.g., YouTube URLs and web pages) as shown in SKILL.md and references/file_formats.md (examples like md.convert("https://www.youtube.com/watch?v=VIDEO_ID")), so it ingests untrusted, user-generated third‑party content as part of its conversion workflow which can then be fed to LLMs and influence downstream behavior.