web-fetch-as-markdown

SUSPICIOUS: The skill’s core behavior matches its stated purpose, but it routes arbitrary URLs and page content through third-party conversion services, including one less-verifiable fallback domain. This is not malware and shows no credential harvesting or local execution, but it has medium security risk from third-party data exposure and indirect prompt-injection via fetched content.