baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill fetches content from arbitrary user-provided URLs using the Chrome Developer Tools Protocol. This behavior is consistent with the skill's primary stated purpose.
- [COMMAND_EXECUTION] (SAFE): Executes the local logic using the Bun runtime and manages a Chrome process via CDP.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Because it fetches untrusted content from the internet and presents it to the agent as markdown, a malicious site could embed instructions meant to override agent behavior. Evidence Chain: 1. Ingestion points: Arbitrary external URLs ingested in
scripts/main.ts. 2. Boundary markers: Absent; the output is provided as standard Markdown without specialized delimiters for the agent. 3. Capability inventory: File system writing (writeFile) and network access (browser). 4. Sanitization:cleanupAndExtractScriptinscripts/html-to-markdown.tsremovesscript,style,iframetags andon*attributes (e.g.,onclick,onload) from the DOM before extraction.
Audit Metadata