markdown-extract

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends a URL to markdown.new and returns extracted markdown, with no evidence of hidden access or persistence.

Install only if you are comfortable sending submitted URLs, and potentially the fetched page content, to markdown.new. Use it for public webpages; avoid internal, authenticated, signed, or sensitive URLs unless you trust that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly sends user-supplied URLs to the third-party markdown.new service, but the documentation does not clearly warn users that their input will be transmitted to an external provider. This creates a privacy and data-handling risk because users may submit internal, sensitive, or access-controlled URLs without realizing they are being disclosed to a third party.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill sends user-supplied URLs to a third-party service at markdown.new, which can disclose sensitive internal URLs, access patterns, or embedded credentials in the URL string. In an agent setting, this is more dangerous because users may assume local processing while the skill silently exfiltrates targets to an external API.

VirusTotal

64/64 vendors flagged this skill as clean.
