The Agent Skills Directory

[COMMAND_EXECUTION]: The skill launches and manages Chrome browser instances using the chrome-launcher library. It also executes system utilities such as ps aux to detect existing processes and osascript on macOS to manage browser window focus.
[EXTERNAL_DOWNLOADS]: Fetches web content from arbitrary user-provided URLs and utilizes the defuddle.md service for remote Markdown conversion. It also includes functionality to download images and videos from processed pages to the local file system.
[DATA_EXPOSURE]: Implements a session persistence feature for sites like X/Twitter by exporting and restoring browser cookies to a local file (x-session-cookies.json) within the tool's configuration directory.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted HTML from the internet, creating a potential surface for indirect prompt injection. This risk is effectively mitigated by the html-cleaner.ts module, which strips executable elements (scripts, styles, iframes) and converts the content to Markdown using libraries like turndown and Readability.
Ingestion points: scripts/lib/commands/convert.ts (navigates to external URLs).
Boundary markers: Absent; however, content is strictly sanitized and converted to a non-executable format.
Capability inventory: File system access via node:fs (writing Markdown and media files) and subprocess execution for browser management.
Sanitization: Robust cleaning in scripts/lib/extract/html-cleaner.ts removes scripts, hidden elements, and metadata before extraction.

baoyu-url-to-markdown