baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the baoyu-fetch npm package via the bun package manager during its initial setup to provide core web-fetching capabilities.
- [COMMAND_EXECUTION]: The agent is instructed to construct and execute shell commands using the baoyu-fetch binary, incorporating user-provided URLs and desired output file paths.
- [DATA_EXFILTRATION]: The skill fetches data from arbitrary external URLs provided by the user. It also accesses local Chrome profile directories (via the BAOYU_CHROME_PROFILE_DIR environment variable or default paths) to maintain authentication states, which involves processing sensitive browser data like cookies and session information.
- [INDIRECT_PROMPT_INJECTION]: The skill ingest and processes untrusted content from external websites. Ingestion points: Arbitrary web URLs processed in SKILL.md. Boundary markers: Absent (the skill does not define specific delimiters to separate fetched content from agent instructions). Capability inventory: Shell command execution of the CLI and filesystem writes to local directories. Sanitization: Relies on the baoyu-fetch tool's internal conversion of HTML to Markdown.
Audit Metadata