web-fetch-to-markdown

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash wrapper (scripts/fetchmd) to execute a local Node.js script (fetchmd.js) for content processing and conversion.
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch content from external URLs.
  • Ingestion points: External content is fetched from user-provided URLs via the fetchmd script.
  • Boundary markers: The instructions in SKILL.md define protocol boundaries (only http:// or https://), though technical delimiters for the fetched content are not specified in the provided files.
  • Capability inventory: The script uses node to process external data.
  • Sanitization: The tool converts HTML to Markdown, providing structural normalization of untrusted web content before it is presented to the agent.
  • [PROMPT_INJECTION]: Because the skill fetches and processes data from arbitrary websites, it is subject to indirect prompt injection. Maliciously crafted content on a fetched page could include hidden instructions intended to override the agent's behavior or exfiltrate data from the current session.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 11:43 AM