tuzi-url-to-markdown

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill spawns a browser process (Chrome, Edge, or Chromium) using node:child_process.spawn to render and interact with web pages. It uses a dedicated user data directory (~/Library/Application Support/tuzi-skills/ or AppData/Roaming/tuzi-skills/) to isolate its profile from the user's primary browser.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to external URLs provided by the user and fetches media assets (images and videos) discovered on those pages to store them locally.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes arbitrary web content.
      • Ingestion points: Web content from any URL fetched via scripts/main.ts and scripts/cdp.ts.
      • Boundary markers: Absent; the converted markdown content is returned without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: File system write access (saving markdown and media), network access (fetching content), and subprocess execution (launching a browser).
      • Sanitization: Uses the jsdom and Defuddle libraries to clean and extract content, and provides automated escaping for metadata values in the YAML frontmatter.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 03:45 PM