canghe-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected in the skill scripts or metadata.
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to launch a local browser (Chrome, Edge, or Chromium) to render web pages. Filenames for the markdown output are sanitized using a slug generation function that removes special characters, preventing directory traversal attacks.
  • [EXTERNAL_DOWNLOADS]: The skill relies on established, well-known libraries including linkedom, turndown, and @mozilla/readability (from a trusted organization) for content extraction and conversion.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of processing untrusted web content.
    • Ingestion points: Fetches arbitrary HTML from user-supplied URLs via scripts/main.ts.
    • Boundary markers: None present in the markdown output.
    • Capability inventory: Spawns browser processes and writes files to the local disk.
    • Sanitization: Uses generateSlug in scripts/main.ts for safe filenames and sanitizeHtml in scripts/html-to-markdown.ts to remove scripts, styles, and iframes.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 11:22 AM