portable-text-conversion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md migration example ("Import WordPress posts") and rules/html-to-pt.md explicitly show fetching and parsing external HTML/Markdown (e.g., fetchWordPressPosts, htmlToBlocks, preprocessHtml) and downloading external images (uploadImage fetch(url)), meaning the agent ingests untrusted, user-generated third‑party content that it must interpret and act on during conversion.