baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/cdp.ts` uses `node:child_process.spawn` to launch a local browser (Chrome, Edge, or Chromium) found on the host system to render the target web pages.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests using the `fetch` API in `scripts/media-localizer.ts` to download media assets (images and videos) from external web pages to the local filesystem.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it processes untrusted data from the web.
  - Ingestion points: The skill fetches HTML content from arbitrary user-provided URLs in `scripts/main.ts`.
  - Boundary markers: The skill lacks explicit delimiters or instructions to the agent to disregard instructions potentially embedded within the converted markdown output.
  - Capability inventory: The skill has the ability to spawn processes, perform network requests, and read/write to the local filesystem.
  - Sanitization: Content extraction is performed via `jsdom` and `defuddle`, which are designed for structural parsing and readability but do not offer security-focused sanitization against malicious instructions embedded in the page text.
Audit Metadata