baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
child_process.spawnto launch browser binaries such as Chrome, Chromium, or Edge. It includes platform-specific logic inscripts/cdp.tsto locate these executables on macOS, Windows, and Linux.\n- [REMOTE_CODE_EXECUTION]: JavaScript is dynamically executed within the browser context via the Chrome DevTools Protocol (CDP) using theRuntime.evaluatecommand. This is used to run a content extraction script (cleanupAndExtractScript) on the target webpage.\n- [EXTERNAL_DOWNLOADS]: The skill's core purpose is to download and process content from arbitrary external URLs. Additionally, the documentation suggests usingnpx -y bun, which may download the Bun runtime environment if it is not already installed.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted data from the web and integrates it into the agent's context. Malicious content on a webpage could attempt to influence the agent's subsequent behavior.\n - Ingestion points: Arbitrary external URLs processed in
scripts/main.ts.\n - Boundary markers: The output uses YAML frontmatter and markdown structure, but lacks explicit instructions for the agent to ignore instructions embedded in the webpage content.\n
- Capability inventory: The skill has capabilities for file system access (
mkdir,writeFile) and browser automation (spawn,CDP) viascripts/main.tsandscripts/cdp.ts.\n - Sanitization:
scripts/html-to-markdown.tsperforms HTML sanitization (removing scripts, styles, etc.) before conversion, but the final text content is not validated against prompt injection patterns.
Audit Metadata