Skills
skills/mderazon/agent-skills/cloudflare-tomarkdown/Gen Agent Trust Hub

cloudflare-tomarkdown

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and convert untrusted content from external URLs and local files, which presents a surface for indirect prompt injection attacks.
  • Ingestion points: The scripts/render.js script fetches arbitrary content via the --url argument and reads local documents via the --file argument.
  • Boundary markers: The script includes a dedicated printSafeOutput function that wraps the converted Markdown in explicit 'START OF UNTRUSTED CONTENT' and 'END OF UNTRUSTED CONTENT' markers, accompanied by a warning for the agent to treat the content as data.
  • Capability inventory: The script uses the fetch API for network operations and fs.readFileSync for local file access.
  • Sanitization: The tool relies on boundary markers and agent instruction rather than semantic content sanitization.
  • [DATA_EXFILTRATION]: The skill transmits data from local files or web sources to Cloudflare's infrastructure for processing.
  • Evidence: scripts/render.js sends content via POST requests to https://api.cloudflare.com/. While Cloudflare is a well-known service and this behavior is essential to the skill's primary function, it involves sending potentially sensitive user data to a third-party API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 10:08 PM