url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary public webpages (SKILL.md: "抓取任意公开网页URL") using axios.get(url) in scripts/url-to-markdown.js and converts that untrusted, user-generated web content to Markdown which the agent will read/interpret, enabling indirect prompt injection.