html-to-markdown

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses uv run to execute localized Python scripts for capturing and converting web content. These operations are restricted to the intended purpose of the skill and utilize standard CLI argument parsing.
  • [DATA_EXPOSURE]: The capture script searches for existing Chrome or Chromium installations on the system (e.g., in standard application directories or Playwright caches) to launch the headless browser. This access is necessary for the skill to function and does not involve accessing sensitive user credentials or private data.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes arbitrary data from the web, which creates a surface for indirect prompt injection attacks where malicious instructions are hidden in the captured webpage content.
  • Ingestion points: Content is ingested via URLs in scripts/capture_html.py and HTML files or stdin in scripts/markmaton_convert.py.
  • Boundary markers: The skill produces Markdown output but does not include explicit delimiters or safety warnings for the agent to treat the content as untrusted data.
  • Capability inventory: The skill possesses the capability to execute shell commands (via uv run) and read local files.
  • Sanitization: The markmaton library performs content extraction and HTML cleaning, which removes scripts but preserves the text content where instructions might reside.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:19 PM
Security Audit — agent-trust-hub — html-to-markdown