markitdown

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The package makes runtime calls to the OpenRouter API (https://openrouter.ai/api/v1) — e.g., via the OpenAI-compatible client and direct requests in generate_schematic_ai.py — and the responses (generated images and critique text) are consumed to drive generation iterations and to modify/promote subsequent prompts, so this external URL is a required runtime dependency that directly controls agent prompts.