markitdown
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and converts arbitrary HTTP/HTTPS resources (e.g., convert("https://...") / convert_url(), the MCP tool convert_to_markdown(uri), and examples for YouTube, Wikipedia, and RSS feeds in SKILL.md and references). Those untrusted public web pages and feeds are used as input that can be fed into downstream LLM workflows (summarization, Q&A, or automation), so third-party content could indirectly inject instructions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata