uapi-get-web-tomarkdown-async-status
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection because it ingests and processes content from external web pages (converted to Markdown) which is then provided to the agent's context.
- Ingestion points: The task result retrieved via
GET /web/tomarkdown/async/{task_id}inreferences/operations/get-web-tomarkdown-async-status.md. - Boundary markers: None identified; the parsed web content is likely interpolated directly into the prompt context.
- Capability inventory: The skill allows the agent to read external web data, but does not grant file-writing, network-sending (beyond the status check), or command-execution capabilities.
- Sanitization: No explicit sanitization or filtering of the processed Markdown content is described.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to
uapis.cnto retrieve task statuses and parsed web content. These are standard operations for the service described and represent vendor-owned infrastructure.
Audit Metadata