somark-document-parser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow and code (SKILL.md and somark_parser.py) upload and ingest user-supplied documents to the third-party SoMark API (https://somark.tech), parse and return the parsed Markdown/JSON to the agent as data that the agent is expected to read and use for follow-up answers, so untrusted/user-generated document content from a third-party service can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime calls to the SoMark API (e.g. https://somark.tech/api/v1/parse/async and https://somark.tech/api/v1/parse/async_check) and relies on the returned parsed Markdown/JSON as required input to the agent, so maliciously crafted returned content could be injected into the model context and effectively control prompts.