download-webpage-as-pdf

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple command-line utilities to perform its core functionality, including agent-browser for web automation, and standard PDF tools like qpdf, gs (Ghostscript), and pdfinfo for post-processing and optimization.
  • [COMMAND_EXECUTION]: Employs the agent-browser eval command to execute a complex, asynchronous JavaScript block within the browser context. This script performs DOM manipulation to bypass lazy-loading (stripping loading attributes and resolving dataset.src) and automates page scrolling to ensure visual elements are rendered before capture.
  • [EXTERNAL_DOWNLOADS]: Recommends the use of npx percollate as an alternative for reader-mode output. This involves downloading and executing a package from the well-known npm registry at runtime.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, which represents a surface for indirect prompt injection.
      • Ingestion points: agent-browser open <URL> in SKILL.md.
      • Boundary markers: Absent; the external content is rendered directly by the browser and processed by subsequent CLI tools.
      • Capability inventory: Shell command execution (gs, qpdf, pdfinfo), file system writing (/tmp/page.pdf), and browser-side JavaScript execution.
      • Sanitization: None; the skill relies on the standard security boundaries of the headless browser environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 05:45 PM
Security Audit — agent-trust-hub — download-webpage-as-pdf