markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and downloads arbitrary web URLs and HTML for conversion (see "Convert Web URL (via download)" in examples.md and the convert() doc in reference.md), so the agent ingests untrusted public web content that could influence downstream processing.