baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from external, untrusted URLs. This content is then converted to markdown and potentially fed back into the agent's context, which is a classic vector for indirect prompt injection.
- Ingestion points: External web content is fetched via the Chrome DevTools Protocol (CDP) in
scripts/main.ts. - Boundary markers: No explicit boundary markers or 'ignore' instructions are added to the generated markdown to prevent the LLM from obeying embedded instructions.
- Capability inventory: The skill has the ability to write files to the local disk and initiate network connections via the headless browser.
- Sanitization: The tool focuses on structural conversion (HTML to Markdown) but does not appear to sanitize the textual content for potential natural language injection attacks.
- Dynamic Execution (LOW): The skill uses
evaluateScriptto run JavaScript within the browser context for page extraction. This is a standard and necessary part of the tool's scraping functionality using local scripts.
Audit Metadata