baoyu-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection risk. The skill processes untrusted web content which may contain malicious instructions for the agent.
      • Ingestion points: scripts/main.ts fetches content from user-provided URLs.
      • Boundary markers: YAML frontmatter is used but lacks specific instructions to disregard commands in the body.
      • Capability inventory: writeFile in scripts/main.ts and subprocess execution in scripts/cdp.js.
      • Sanitization: Conversion logic is in an external file (html-to-markdown.js) and cannot be verified for instruction-stripping.
  • COMMAND_EXECUTION (LOW): The skill launches processes (Chrome via CDP) and allows overwriting local files using the --output parameter without path validation.
  • DATA_EXFILTRATION (LOW): The script can perform network requests to any domain to fetch HTML content, which could be used to probe internal network resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 06:25 PM