website2markdown

Warn

Audited by Socket on Mar 4, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is a thin integration that instructs an agent to forward URLs and (when used with the API_TOKEN) credentials to a third-party service (md.genedai.me) which performs fetching, JS rendering, extraction, and crawling. The functionality matches its stated purpose (web-to-markdown conversion, extraction, crawling), but the entire operation relies on sending potentially sensitive URLs and content to an external host with no documented data-retention or privacy guarantees. Key risks: credential forwarding (including insecure ?token usage), unintended exfiltration of private/paywalled/intranet content, and lack of vendor trust/privacy metadata. There is no evidence of obfuscated or self-contained malicious code (no embedded reverse shell or binary install), so this appears to be a privacy and supply-chain trust risk rather than confirmed malware. Recommend: treat as suspicious for sensitive or internal data — do not use with private URLs or secrets; prefer local or trusted in-house scraping methods, avoid putting tokens in query strings, and require explicit user consent before batch/deepcrawl operations.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Mar 4, 2026, 05:06 AM
Package URL: pkg:socket/skills-sh/Digidai%2Fwebsite2markdown-skills%2Fwebsite2markdown%2F@a20ee5f88043939170ffa412b021344703ffc31f