docs-to-md
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local helper script `scripts/discover.mjs` using the Bash tool to identify documentation pages. This is a standard architectural pattern for complex logic in skills and does not involve executing untrusted remote code.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to discover and fetch documentation pages. It attempts to locate standard files like `llms.txt`, `llms-full.txt`, and `sitemap.xml` from the origin of the user-provided URL. This behavior is the primary purpose of the skill and is documented transparently.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to all web-scraping tools, as it ingests untrusted content from external websites.
  - Ingestion points: Web content is ingested via the `WebFetch` tool as described in `SKILL.md` (Step 4).
  - Boundary markers: The skill includes instructions to the agent to return the full page content as Markdown without summarizing, which acts as a basic instruction boundary.
  - Capability inventory: The skill possesses the `Write` tool to save files to the local disk and the `Bash` tool to execute its discovery script.
  - Sanitization: No explicit sanitization of the scraped Markdown content is performed before writing to the local file system. However, the files are stored as data and are not executed.
Audit Metadata