Skills
skills/tenequm/skills/download-webpage-as-pdf/Gen Agent Trust Hub

download-webpage-as-pdf

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the use of npx percollate, which involves downloading and executing a package from the NPM registry at runtime.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use various command-line utilities for web interaction and document processing, specifically agent-browser, qpdf, gs (Ghostscript), and pdfinfo. These operations are limited to standard file manipulation and browser control.
  • [PROMPT_INJECTION]: The skill is designed to process arbitrary external web content, which presents a surface for indirect prompt injection.
  • Ingestion points: The skill ingests untrusted data via the <URL> parameter passed to agent-browser and percollate in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or guardrails to prevent the agent from following instructions embedded in the target webpage.
  • Capability inventory: The skill utilizes browser automation (agent-browser), shell execution (qpdf, gs), and local file system access for temporary storage.
  • Sanitization: There is no evidence of URL validation or content sanitization to mitigate risks from malicious web data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 03:34 PM