baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill launches the Chrome browser using node:child_process.spawn. It automatically detects Chrome or Edge installations on macOS, Windows, and Linux to perform web scraping.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests content from arbitrary external URLs provided at runtime.
  - Ingestion points: Webpage content fetched via Chrome and extracted in scripts/main.ts.
  - Boundary markers: The output uses YAML frontmatter for metadata, but the main body contains raw extracted markdown without specialized delimiters to prevent the agent from interpreting instructions found on the webpage.
  - Capability inventory: The skill can execute local scripts, launch a browser process, and write converted files to the local disk.
  - Sanitization: Metadata values are escaped for YAML compatibility. The conversion from HTML to Markdown via the turndown library removes dangerous tags like <script> and <iframe>.
- [DYNAMIC_EXECUTION]: The skill uses Runtime.evaluate via the Chrome DevTools Protocol to execute a hardcoded JavaScript snippet within the browser context to extract page metadata. This script does not incorporate untrusted external input into its logic.
Audit Metadata