Fix Sphinx markdown builder warnings for admonitions

Replace MyST-Parser admonition syntax (:::{tip} and :::{admonition})
with plain markdown formatting using bold text prefixes. The
sphinx_markdown_builder doesn't fully support these node types.

Author: claude

README.md

@@ -184,6 +184,7 @@ See also [the llm tag](https://simonwillison.net/tags/llm/) on my blog.
     * [Extra HTTP headers](https://llm.datasette.io/en/stable/other-models.html#extra-http-headers)
 * [Tools](https://llm.datasette.io/en/stable/tools.html)
   * [How tools work](https://llm.datasette.io/en/stable/tools.html#how-tools-work)
+  * [Warning: Tools can be dangerous](https://llm.datasette.io/en/stable/tools.html#warning-tools-can-be-dangerous)
   * [Trying out tools](https://llm.datasette.io/en/stable/tools.html#trying-out-tools)
   * [LLM’s implementation of tools](https://llm.datasette.io/en/stable/tools.html#llm-s-implementation-of-tools)
   * [Default tools](https://llm.datasette.io/en/stable/tools.html#default-tools)

docs/templates.md

@@ -112,13 +112,11 @@ llm templates edit summarize
 ```
 This will open the system default editor.
 
-:::{tip}
-You can control which editor will be used here using the `EDITOR` environment variable - for example, to use VS Code:
+**Tip:** You can control which editor will be used here using the `EDITOR` environment variable - for example, to use VS Code:
 ```bash
 export EDITOR="code -w"
 ```
 Add that to your `~/.zshrc` or `~/.bashrc` file depending on which shell you use (`zsh` is the default on macOS since macOS Catalina in 2019).
-:::
 
 You can create or edit template files directly in the templates directory. The location of this directory is shown by the `llm templates path` command:
 ```bash

docs/tools.md

@@ -20,14 +20,11 @@ A tool is effectively a function that the model can request to be executed. Here
 
 This sequence can run several times in a loop, allowing the LLM to access data, act on that data and then pass that data off to other tools for further processing.
 
-:::{admonition} Tools can be dangerous
-:class: danger
-
 (tools-warning)=
 
 ## Warning: Tools can be dangerous
 
-Applications built on top of LLMs suffer from a class of attacks called [prompt injection](https://simonwillison.net/tags/prompt-injection/) attacks. These occur when a malicious third party injects content into the LLM which causes it to take tool-based actions that act against the interests of the user of that application.
+**Danger:** Applications built on top of LLMs suffer from a class of attacks called [prompt injection](https://simonwillison.net/tags/prompt-injection/) attacks. These occur when a malicious third party injects content into the LLM which causes it to take tool-based actions that act against the interests of the user of that application.
 
 Be very careful about which tools you enable when you potentially might be exposed to untrusted sources of content - web pages, GitHub issues posted by other people, email and messages that have been sent to you that could come from an attacker.
 
@@ -38,7 +35,6 @@ Watch out for [the lethal trifecta](https://simonwillison.net/2025/Jun/16/the-le
 - the ability to exfiltrate information
 
 Anyone who can feed malicious instructions into your LLM - by leaving them on a web page it visits, or sending an email to an inbox that it monitors - could be able to trick your LLM into using other tools to access your private information and then exfiltrate (pass out) that data to somewhere the attacker can see it.
-:::
 
 (tools-trying-out)=