markdown-sanitization-chain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests and renders "user-supplied markdown (comments, docs UI, embedded editors)" (see "When to Use" and the Implementation code) so the skill parses and executes untrusted, user-generated content via marked.js and Mermaid, which could carry executable or instructional payloads that influence behavior.