baoyu-url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main runtime clearly navigates to and fetches arbitrary user-supplied public web pages via Chrome CDP (scripts/main.ts uses launchChrome and navigate/evaluate to capture page HTML) and also downloads remote media (scripts/media-localizer.ts), so it ingests untrusted third‑party web content that is then parsed and used to determine filenames, metadata, and follow-up actions.