convert-url-html-to-md
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Prompt Injection (MEDIUM): The skill is a vector for Indirect Prompt Injection because it fetches untrusted web content.
  - Ingestion points: Arbitrary HTML content is fetched from user-provided URLs in scripts/convert_url.js and lib/url_to_markdown_readers.js.
  - Boundary markers: None. The output is provided to the agent as raw markdown without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill facilitates network ingestion and supplies context that directly influences agent reasoning.
  - Sanitization: HTML script and style tags are stripped via lib/url_to_markdown_common_filters.js to mitigate execution during processing, but natural language instructions remain unfiltered.
- External Downloads (MEDIUM): The skill executes network requests to non-whitelisted domains.
  - This behavior allows for the ingestion of untrusted data and could be leveraged for Server-Side Request Forgery (SSRF) to probe internal network resources available to the agent.