web-to-markdown
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to the nature of its core functionality.
- Ingestion points: The scripts
scripts/url_to_markdown.mjs,scripts/fetch_generic_fallback.mjs, andscripts/fetch_special_sites.mjsfetch HTML or text content from arbitrary user-supplied URLs. - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore any commands or malicious prompts that might be embedded in the fetched web content.
- Capability inventory: The skill has network access and utilizes browser automation (
puppeteer) to render pages, which could be exploited if a malicious page triggers unintended browser behaviors. - Sanitization: Although the skill uses
@mozilla/readabilityto extract article content andturndownto convert it to Markdown, it does not sanitize the resulting text for LLM instructions. Any instructions present in the fetched page will be included in the Markdown returned to the agent.
Audit Metadata