huashu-md-to-pdf

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation instructs users to install standard, well-known software including the Python packages markdown2 and weasyprint, and the system library pango. These are appropriate for the skill's primary purpose.
  • [COMMAND_EXECUTION] (SAFE): The skill operates by executing a local Python script (convert.py) via the CLI. This is standard behavior for a document conversion utility.
  • [PROMPT_INJECTION] (LOW): As the skill processes untrusted Markdown data and converts it to PDF via an intermediate HTML step, it is theoretically susceptible to indirect prompt injection. A malicious Markdown file containing specific HTML or CSS (e.g., <img> tags pointing to local files) could attempt to perform Local File Inclusion (LFI) or Server-Side Request Forgery (SSRF) during rendering, depending on the configuration of the rendering engine.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM