Web Markdown Navigator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches user-supplied webpages and converts them to markdown, with normal caution needed for web access.

Install only if you want the agent to make outbound requests to URLs you provide. Treat returned webpage text as untrusted source material, verify the script path points to the installed artifact rather than the hard-coded example path, and avoid using it for internal or sensitive URLs unless you are comfortable with that access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to fetch arbitrary external URLs and, when extraction is thin, to use a browser fallback, but it does not clearly warn users about this network access and possible rendered-page interaction. This can surprise users, broaden the trust boundary, and increase exposure to untrusted remote content, especially for JS-heavy pages where browser-based retrieval may execute more complex page behavior than a simple fetch.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal