everything-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary webpage URLs (see SKILL.md "网页: HTML URL") and the runtime script scripts/convert_to_markdown.py calls create_task_from_url which submits user-provided URLs to the external MinerU service and then downloads and opens the returned full.md (references/mineru-api.md shows the 'url' parameter supports HTML), meaning untrusted public web content is ingested and converted to Markdown that the agent would read and could influence subsequent actions.