Skills
skills/jackiexiao/jackie-skills-everyday/baoyu-url-to-markdown/Gen Agent Trust Hub

baoyu-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exposes a surface for indirect prompt injection by fetching and converting arbitrary web content into markdown for the agent.\n
  • Ingestion points: Untrusted data enters via the url argument processed in scripts/main.ts and fetched in captureUrl.\n
  • Boundary markers: Absent. There are no delimiters or warnings to the agent to ignore instructions within the converted markdown.\n
  • Capability inventory: The skill has file-writing capabilities (writeFile in main.ts) and network access via Chrome CDP to any user-provided URL.\n
  • Sanitization: The analyzed code does not implement sanitization or filtering to remove potential prompt injection attacks from the HTML/markdown content.\n- EXTERNAL_DOWNLOADS (LOW): The SKILL.md instructions use npx -y bun, which downloads the Bun runtime from the npm registry if it is not locally available.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 01:42 PM