baoyu-url-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary public URLs (see SKILL.md usage "npx ... scripts/main.ts ") and scripts/main.ts launches Chrome, navigates to the provided URL and runs cleanupAndExtractScript via evaluateScript to extract the page HTML/metadata, so untrusted third‑party page content is ingested and used in the conversion workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill launches Chrome at runtime and navigates to the user-supplied target URL (the argument passed to scripts/main.ts), causing arbitrary remote webpage JavaScript to run in the spawned browser process (using a persistent profile dir), which constitutes executing remote code fetched during runtime.