baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill launches a Chrome/Edge/Chromium browser using
node:child_process.spawn. It searches for common executable paths across different operating systems or uses theURL_CHROME_PATHenvironment variable. It also instructs the agent to usetest -fshell commands to locate configuration files. - [EXTERNAL_DOWNLOADS]: The skill navigates to and fetches content from arbitrary external URLs provided at runtime to perform its primary function of URL-to-markdown conversion.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests content from external websites, converts it to markdown, and returns it to the agent's context. A malicious website could include natural language instructions designed to manipulate the agent's subsequent behavior.
- Ingestion points: Web content is fetched from user-provided URLs in
scripts/main.tsand processed inscripts/html-to-markdown.ts. - Boundary markers: The output is wrapped in YAML frontmatter and markdown headers, but there are no explicit instructions to the agent to treat the converted content as untrusted data or to ignore embedded commands.
- Capability inventory: The skill can spawn browser processes, read local configuration files, and write converted markdown files to the local file system.
- Sanitization: The skill uses
linkedomandturndownto strip potentially dangerous HTML tags like<script>,<style>, and<iframe>, but it does not sanitize or filter the natural language text for malicious instructions.
Audit Metadata