to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external documents (including HTML pages and YouTube URLs per the Supported Formats) and its workflow directs the agent to read/convert those files and potentially save their contents into a knowledge base, exposing the agent to untrusted, user-generated third-party content that could contain instructions.