html-to-md
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a custom JavaScript file located at .github/muscles/html-to-md.cjs using Node.js to handle the conversion logic.
- [EXTERNAL_DOWNLOADS]: The skill includes an optional --download-images flag which enables the agent to make network requests to external URLs to fetch image assets referenced in the HTML.
- [DATA_EXFILTRATION]: While the skill claims to remove tracking pixels, the automated fetching of images from external servers via the --download-images flag could be leveraged for telemetry or data leakage through URL parameters.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted HTML data that could contain hidden instructions which, after conversion to Markdown, may influence the agent's future actions. * Ingestion points: Input HTML documents (SKILL.md). * Boundary markers: None identified; the converted content is not wrapped in markers to differentiate it from instructions. * Capability inventory: File system read/write, network access for images. * Sanitization: The skill documentation states it strips scripts and styles, which reduces execution risk but does not prevent linguistic prompt injection.
Audit Metadata