Skills
skills/daqi/daqi-skills/xhs-md2img/Gen Agent Trust Hub

xhs-md2img

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx -y to run scripts. This command can download and execute packages from the npm registry without manual verification, posing a potential supply chain risk.
  • COMMAND_EXECUTION (LOW): The skill executes external browser processes through Playwright to render content.
  • DATA_EXFILTRATION (LOW): The logic for converting relative image paths to file:// URLs allows for potential local data exposure. A malicious markdown file could be crafted to render sensitive system files into the output images.
  • PROMPT_INJECTION (LOW): The skill lacks sanitization for the input Markdown, making it vulnerable to indirect prompt injection. Ingestion point: The <markdown-file> CLI argument. Boundary markers: None present. Capability inventory: npx execution, file system read/write, and browser spawning. Sanitization: None mentioned in rendering logic.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:50 PM