Skills
skills/sundial-org/awesome-openclaw-skills/intomd/Gen Agent Trust Hub

intomd

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to fetch content from https://into.md/, a third-party Markdown conversion service. This dependency on an external service means the agent's input (the target URL) is transmitted to a third party.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: The skill accepts a user-provided URL via the $1 parameter in SKILL.md and fetches its content.
  • Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded in the fetched Markdown content.
  • Capability inventory: The skill possesses network read capabilities via curl.
  • Sanitization: There is no sanitization or validation of the fetched content before it is returned to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 01:46 PM