Skills
AGENT LAB: SKILLS
skills/alchaincyf/huashu-skills/markdown-to-pdf/Gen Agent Trust Hub

markdown-to-pdf

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [External Downloads] (SAFE): The skill references the installation of standard, well-known Python packages markdown2 and weasyprint from PyPI, as well as system dependencies like pango from official repositories. These are trusted sources for the stated functionality.
  • [Indirect Prompt Injection] (LOW): The skill processes user-provided Markdown data which could theoretically contain instructions to influence the agent's behavior.
  • Ingestion points: The convert.py script reads user-provided .md files.
  • Boundary markers: None identified in the provided documentation or script execution instructions.
  • Capability inventory: The skill uses weasyprint which can render HTML/CSS and potentially fetch external assets if not restricted.
  • Sanitization: No explicit sanitization or validation of the Markdown content is mentioned beyond standard library parsing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:10 PM