markitdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the tool "Can fetch URLs" and includes examples like "markitdown https://example.com" and a "URLs" supported-format entry, so the agent can ingest arbitrary public web pages (untrusted third-party content) as part of its workflow, which could allow instructions on those pages to influence subsequent behavior.