pandoc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly supports fetching and converting live webpages (e.g., the "Web to Markdown" example and "When fetching and converting webpage content into clean Markdown"), so the agent ingests arbitrary public web content (untrusted/user-generated) that it will read/interpret, enabling potential indirect prompt injection.