canghe-url-to-markdown

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] No evidence of direct malicious code or credential exfiltration in the provided SKILL.md content. The functionality and file/ENV access are consistent with a webpage capture tool, but there are two notable supply-chain/privacy risks: (1) the example invocation 'npx -y bun ...' can auto-download and execute code from a package registry if bun isn't locally installed, and (2) the 'wait' mode and ability to point at an existing Chrome profile make it easy to capture authenticated/sensitive pages and store PII or session data locally. Recommend: (a) avoid npx -y instructions without verifying the runtime; (b) add explicit warnings about capturing authenticated pages and handling sensitive data; (c) document safe defaults for profile/data directories and output permissions. Overall risk is moderate but not clearly malicious. LLM verification: This SKILL.md describes a plausible and coherent tool for converting webpages to Markdown using Chrome CDP. It does not contain explicit malicious code or clear exfiltration endpoints. However, there are notable supply-chain and privilege risks: (1) invoking 'npx -y bun' performs transient downloads and runtime execution (supply-chain risk); (2) allowing arbitrary Chrome profile directories or data dirs can expose sensitive local browser data (cookies, sessions) when capturing logged-in pages; (