markdown-url
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to route all web traffic through
markdown.new, a third-party service. While this is the intended functionality of the skill, it introduces a dependency on an external service for data processing. - [DATA_EXFILTRATION] (LOW): By prefixing URLs with a third-party domain, the destination URLs (which may contain sensitive tokens, IDs, or search queries) are shared with the
markdown.newservice. The skill includes policy guidelines to avoid this for authenticated sites, which mitigates but does not eliminate the risk. - [INDIRECT_PROMPT_INJECTION] (LOW): As a skill designed to ingest and process web content, it is inherently susceptible to indirect prompt injection if the source website contains instructions intended to manipulate the agent.
- Ingestion points: Web content retrieved via
https://markdown.new/(SKILL.md). - Boundary markers: Absent. The instructions do not specify delimiters to separate untrusted web content from agent instructions.
- Capability inventory: The skill uses
nodefor a local CLI helper (scripts/markdown-url.js), but the primary agent capability is web browsing and content extraction. - Sanitization: None detected. The content is used directly for summaries and notes.
Audit Metadata