html-to-markdown

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes npx to run @wcj/html-to-markdown-cli at runtime. This package is not maintained by a trusted organization (per the analyst's trusted source list), which introduces risks related to the execution of unvetted remote code from the npm registry.
  • COMMAND_EXECUTION (MEDIUM): Shell commands are executed via npx with user-supplied URL arguments. This pattern is inherently risky as it depends on the security of the third-party CLI tool to handle potentially malicious URLs or argument injection.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it converts arbitrary HTML content into markdown for the agent to read.
    Evidence Chain:
    1. Ingestion points: Content is fetched from a user-provided .
    2. Boundary markers: Absent; there are no instructions for the agent to treat the output as untrusted or to use delimiters.
    3. Capability inventory: The agent has the ability to execute shell commands.
    4. Sanitization: Absent; the skill lacks automated filtering or escaping of the fetched content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 04:42 PM