baoyu-url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's CLI explicitly fetches arbitrary public URLs (see SKILL.md usage and scripts/main.ts -> captureUrl which launches Chrome, navigates to the provided URL, and runs cleanupAndExtractScript via evaluateScript) and then parses/uses the page metadata and content to produce markdown, so it ingests untrusted third‑party web content that could contain instructions influencing outputs.