web-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and renders arbitrary web pages via the local web2md CLI and Puppeteer (see workflow examples like web2md '<url>' --out ... and README descriptions of converting any webpage), so it ingests untrusted public web content that the agent will read/convert and could carry indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly suggests bypassing browser sandboxing via --no-sandbox and also instructs global installs (npm link / npm install -g .) which modify the system environment, so it encourages actions that bypass security and change machine state.