html-to-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill loads a local HTML file into headless Chromium but explicitly fetches external resources (it injects https://fonts.googleapis.com and the code waits for Tailwind CDN/other remote assets via networkidle0 during page.goto), so arbitrary/untrusted third-party URLs referenced by the HTML can be loaded and materially affect rendering and the PDF-generation decisions (e.g., measured scrollHeight, layout, timing).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly runs headless Chromium with the sandbox disabled (--no-sandbox) and suggests system-level installs (e.g., fonts), which constitute bypassing a security mechanism and altering host state even though it doesn't request sudo or create users.