web-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's 'AI Optimization Mode' specifically formats untrusted external content for use as AI context. This creates a significant surface for indirect prompt injection where malicious instructions on a web page could influence the agent's behavior once ingested.
      • Ingestion points: Arbitrary URLs processed via the WebFetch tool as seen in README.md.
      • Boundary markers: No explicit delimiters or 'ignore' instructions are mentioned to separate converted content from agent instructions.
      • Capability inventory: The skill has file system write access via the Write tool to save converted documents.
      • Sanitization: The documentation does not describe any sanitization of the fetched HTML/Markdown to remove potential injection strings.
  • External Downloads (LOW): The skill allows the agent to fetch data from any user-provided URL. While necessary for the stated purpose, it enables interaction with untrusted external servers.
  • File System Interaction (LOW): Through the Write tool, the skill can create and modify files on the local system. The documentation suggests users can specify paths (e.g., docs/guide.md), so paths require careful handling to avoid path traversal or overwriting important files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM