web-fetch-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and scripts (fetchmd) explicitly fetch arbitrary http(s) URLs from the public web and convert pages into Markdown for LLM ingestion, meaning untrusted third-party (user-generated/public web) content is read and can directly influence subsequent model behavior, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls fetchmd at runtime to fetch arbitrary http(s) URLs supplied as the "" argument (i.e., any user-provided http(s) URL) and then converts that fetched page into Markdown which is injected for LLM ingestion, so remote content directly controls prompts.