extract-to-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the tool ingests "网页导出 PDF、原生 PDF、复制文本" and "提取正文文本、页面顺序、图片资源" (i.e., web pages/PDFs) and uses that content to drive reconstruction decisions, so it reads and interprets untrusted public web/PDF content as part of its workflow (SKILL.md steps 1–5), enabling indirect prompt injection risk.