cloudflare-tomarkdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and converts arbitrary public URLs as part of its core workflow (see SKILL.md "Scraping URLs" and scripts/render.js where it fetches options.url and calls the tomarkdown / browser-rendering endpoints and prints the "UNTRUSTED CONTENT"), so untrusted third-party page content is ingested and returned in a way that could contain instructions that influence subsequent actions.