Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- The converter allows a caller-supplied api_endpoint and then POSTs the full Markdown content to that remote host. In an agent/skill context, this creates an arbitrary outbound network path that can exfiltrate document contents to attacker-controlled infrastructure or be abused for SSRF-like access if internal endpoints are reachable.
