docs-to-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's discover.mjs and SKILL.md explicitly fetch public site content (llms-full.txt, llms.txt, sitemap.xml, page HTML/nav links) and then call WebFetch to convert those arbitrary third-party pages into Markdown as part of its core workflow, meaning untrusted web content directly determines which pages are fetched and how the agent proceeds.