Security: dnh33/markdown-fetch

Security Policy

Reporting a Vulnerability

If you discover a prompt injection bypass or other security issue with this skill, please do not open a public GitHub issue.

Instead, please report it privately:

  1. Use GitHub's private vulnerability reporting on this repository
  2. Or email the maintainer directly (add your email here)

We take injection defense seriously and will respond within 48 hours.

Scope

Security issues in scope:

  • Prompt injection bypasses where fetched web content can alter agent behavior
  • Unsafe fallback paths that lead to unintended downloads or fetches
  • Chained fetch exploits where fetched content tricks the agent into visiting additional URLs
  • Data exfiltration vectors where fetched content causes the agent to leak user/system information
  • Privacy concerns related to third-party proxy data flow (URLs or content exposed to markdown.new)

Out of Scope

  • Vulnerabilities in markdown.new itself (report those to their maintainers)
  • General LLM jailbreaks unrelated to web content fetching
  • Issues requiring the user to be the attacker (the threat model assumes untrusted web pages, not untrusted users)
