markdown-new

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and converts arbitrary public URLs into Markdown via the markdown.new service (see SKILL.md "Prefix Mode"/"POST Mode" and the fetch_markdown/batch_extract examples), meaning the agent will ingest and act on untrusted, user-generated web content that could contain malicious instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). https://markdown.new/ is invoked at runtime by the skill to fetch arbitrary web-page content as "LLM-ready Markdown" (intended for injection into model prompts) and the skill depends on that service for its core functionality, so fetched content can directly control prompts.