Html2md
Security checks across malware telemetry and agentic risk
Overview
The skill is internally consistent: it converts HTML to markdown, the included code and instructions match that purpose, and it does not request unrelated credentials or background persistence.
This skill appears to do what it says: converting HTML to markdown using well-known JS libraries. Before installing:
(1) review the `package.json`/`package-lock` if you have supply-chain concerns — `npm install` will fetch many transitive packages;
(2) do not pass untrusted, user-controlled URLs into the tool if your environment could be harmed by SSRF;
(3) do not point `--file` at sensitive local files unless you intend to expose them;
(4) the README recommends using `execFileSync` when calling from Node to avoid shell injection — follow that advice.
If you need stronger guarantees, run `npm install` in an isolated environment, audit dependency versions, or vendor the small set of dependencies you trust.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
49/49 vendors flagged this skill as clean.
