markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly supports ingesting remote/public content (notably "YouTube URL | URL | Transcript extraction") and instructs downloading arbitrary remote documents (e.g., "curl -o /tmp/file.pdf 'URL'") so the agent will read and act on untrusted third-party content as part of its workflow.