baoyu-url-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Spawns a local browser instance (Google Chrome, Microsoft Edge, or Chromium) using `child_process.spawn`. The skill attempts to locate these executables in standard system paths or respects a `URL_CHROME_PATH` environment variable. The skill also manages a persistent browser profile directory in the user's home folder to maintain login sessions and state.
- [PROMPT_INJECTION]: This skill has an attack surface for indirect prompt injection.
  - Ingestion points: Fetches content from arbitrary URLs in `scripts/main.ts`.
  - Boundary markers: Output consists of YAML metadata followed by content; no specific delimiters or warnings are used to isolate untrusted web content from the agent's context.
  - Capability inventory: Includes process spawning (`scripts/cdp.ts`), file system writes (`scripts/main.ts`), and network requests (`scripts/media-localizer.ts`).
  - Sanitization: Uses `jsdom` and `defuddle` to parse HTML, which may strip active scripts but preserves text-based instructions that can influence the agent.
- [EXTERNAL_DOWNLOADS]: Fetches and saves media assets (images, videos) from arbitrary URLs to the local filesystem when the media localization feature is active.
Audit Metadata