html-to-markdown
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs executing "npx @wcj/html-to-markdown-cli -s" to fetch and convert an arbitrary HTTPS HTML URL into markdown (which the agent then reads), so untrusted public web content can be ingested and potentially inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill invokes "npx @wcj/html-to-markdown-cli <url> -s" at runtime (which fetches and executes a remote npm package) and also fetches a user-supplied https:// URL whose HTML/markdown output could inject prompts, so remote content both executes code and can directly control agent instructions.