Skills
skills/gupsammy/claudest/convert-to-markdown/Gen Agent Trust Hub

convert-to-markdown

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Phase 3 instructions suggest running curl -sSL https://raw.githubusercontent.com/gupsammy/EzyCopy/main/install.sh | sh if the tool is missing. This pattern is extremely dangerous as it executes unverified code from the internet directly in the user's shell environment.
  • [COMMAND_EXECUTION]: The skill is built around the execution of shell commands through the Bash tool to interact with the ezycopy CLI and perform system-level operations like writing to files or modifying the clipboard.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external resources from raw.githubusercontent.com, which is used to pull the installation script for the ezycopy tool.
  • [PROMPT_INJECTION]: The skill processes content from arbitrary URLs provided by users, which creates an attack surface for indirect prompt injection.
  • Ingestion points: Content extracted from URLs (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Bash command execution (SKILL.md).
  • Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/gupsammy/EzyCopy/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 10, 2026, 03:40 PM