markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and converts arbitrary public web content (e.g., md.convert(url) shown in SKILL.md and references/web_content.md and the scripts/convert_webpage.py example), including YouTube transcripts and scraped HTML, so it ingests untrusted, user-provided web content that the agent is expected to read and that could influence subsequent LLM-driven processing.