markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests open web content (HTML/web pages and YouTube URLs) — see "Supported Formats" and examples in SKILL.md and references/api_reference.md (e.g., md.convert("https://www.youtube.com/watch?v=VIDEO_ID") and HTML conversion examples) — and the agent is expected to read and act on that converted content as part of workflows, so untrusted third-party content could carry instructions that affect downstream processing.