url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly opens and fetches arbitrary, user-supplied public URLs via Chrome CDP (see scripts/main.ts captureUrl which launches Chrome on args.url and runs cleanupAndExtractScript, then scripts/html-to-markdown.ts converts the extracted HTML), so the agent will read and interpret untrusted third‑party web content.