baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and converts external web content, which can contain instructions intended to manipulate the AI agent.\n
- Ingestion points:
scripts/main.tsfetches arbitrary web content from user-provided URLs.\n - Boundary markers: The skill uses YAML frontmatter to separate metadata, but the converted markdown body lacks explicit delimiters or warnings to ignore embedded instructions.\n
- Capability inventory: The agent context using this skill has capabilities for file system writing (
writeFile,mkdir) and local script execution.\n - Sanitization:
scripts/html-to-markdown.tsremoves executable HTML tags (script, iframe, etc.), but does not filter or sanitize text-based natural language instructions.\n- [Dynamic Execution] (LOW): The skill usesevaluateScriptto execute a static JavaScript template for page cleaning. While this is dynamic execution, the script is hardcoded and does not incorporate untrusted input into the code logic.
Audit Metadata