baoyu-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the spawn method from node:child_process to launch a Chrome or Chromium browser instance to render target web pages. This occurs in scripts/cdp.ts and scripts/main.ts, using either a path searched in standard system directories or a custom path provided via the URL_CHROME_PATH environment variable.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch the target URL and, if requested via the --download-media flag, uses the fetch API in scripts/media-localizer.ts to download image and video assets from remote servers to the local filesystem.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted third-party content from the web and processes it into Markdown for the agent's context.
      • Ingestion points: Content is retrieved from external URLs via the captureUrl function in scripts/main.ts.
      • Boundary markers: The Markdown output is delimited by YAML frontmatter generated in scripts/html-to-markdown.ts.
      • Capability inventory: The skill has the ability to execute the browser process (spawn), write to the local filesystem (writeFile), and perform network requests (fetch).
      • Sanitization: The sanitizeHtml function in scripts/html-to-markdown.ts explicitly removes <script>, <style>, <iframe>, and other executable or high-risk tags before conversion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:14 PM