pdf-creator
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/md_to_pdf.pydynamically modifies theDYLD_LIBRARY_PATHenvironment variable on macOS to include/opt/homebrew/lib. This is a form of dynamic library path manipulation that can influence which shared libraries are loaded at runtime. - [COMMAND_EXECUTION]: Multiple scripts execute shell commands via
subprocess.run(): scripts/md_to_pdf.pyexecutespandocto convert markdown to HTML.scripts/tests/test_list_rendering.pyexecutesuv runandpdftotextto verify output.- [COMMAND_EXECUTION]:
scripts/batch_convert.pyperforms dynamic path injection by inserting its parent directory intosys.pathat index 0, affecting module resolution logic. - [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface as it ingests untrusted markdown data from files and processes them using a system-level tool (
pandoc). - Ingestion points: File paths provided via CLI arguments in
scripts/md_to_pdf.pyandscripts/batch_convert.py. - Boundary markers: Absent; the content is read and passed directly to the conversion pipeline.
- Capability inventory: Subprocess execution of
pandocand file-writing capabilities to the local filesystem. - Sanitization: None; the script reads raw file content and passes it to the
inputparameter ofsubprocess.run()without validation or escaping.
Audit Metadata