convert-to-markdown
Warn
Audited by Socket on Mar 10, 2026
1 alert found:
Security (MEDIUM): SKILL.md
The skill's purpose and capabilities are coherently aligned for a web-to-markdown extractor. However, the install mechanism (curling a raw GitHub script and piping it to sh) introduces a high-risk supply-chain vector that is disproportionate to the core task and unverifiable. This single risk factor, combined with the potential for clipboard/file outputs to expose sensitive content, warrants at least a suspicious risk posture, with the install vector elevating security risk significantly. Recommendation: replace the install approach with a trusted, verifiable package source (official registry, signed releases, or container image) and clearly define data handling/privacy for outputs.
Confidence: 98%
Severity: 75%