pdf-creator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted markdown content and renders it into a PDF without sanitization.
    Evidence Chain:
    1. Ingestion points: scripts/md_to_pdf.py (reading file content) and scripts/batch_convert.py (processing command-line file arguments).
    2. Boundary markers: Absent.
    3. Capability inventory: Local file write (PDF generation) and network/file resource fetching via the WeasyPrint engine.
    4. Sanitization: None. The markdown library and weasyprint renderer do not restrict raw HTML or external resource loading by default, allowing SSRF or LFI.
  • [Data Exfiltration] (HIGH): Maliciously crafted markdown can leverage the PDF renderer to embed sensitive local files or internal network data directly into the output document.
  • [Command Execution] (LOW): The skill requires manual setup of environment variables like DYLD_LIBRARY_PATH and uses uv run. While necessary for the stated purpose on certain platforms, environment variable overrides can be a vector for library hijacking.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:08 PM