baoyu-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes node:child_process.spawn to launch a local Chrome browser process to render web pages. This is a core feature of the tool, but the executable path can be overridden through the URL_CHROME_PATH environment variable.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content from external websites.
      • Ingestion points: Untrusted data enters the skill via the user-provided URL in scripts/main.ts and is extracted in scripts/html-to-markdown.ts.
      • Boundary markers: The output uses YAML frontmatter and Markdown headers, but it lacks specific instructions to the AI agent to ignore potentially malicious commands embedded in the scraped text.
      • Capability inventory: The skill has the ability to execute local subprocesses (Chrome) and write files to the local filesystem.
      • Sanitization: The script performs HTML cleanup (removing scripts, styles, and certain attributes in scripts/html-to-markdown.ts), but it does not filter for language patterns that might attempt to hijack the AI agent's instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 07:30 AM