baoyu-markdown-to-html
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): In scripts/md/utils/languages.ts, the skill uses dynamic import() to load and execute JavaScript modules from a remote CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com). The module path is dynamically constructed using the language identifier from Markdown code blocks, which could allow an attacker to execute arbitrary scripts in the agent's runtime environment.
- [DATA_EXFILTRATION] (HIGH): The skill's instructions in SKILL.md specify reading files from the user's home directory ($HOME/.baoyu-skills/baoyu-markdown-to-html/EXTEND.md). This constitutes sensitive file access outside of the intended project scope.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs network requests to plantuml.com in scripts/md/extensions/plantuml.ts to fetch SVG content and dynamically imports the @antv/infographic package in scripts/md/extensions/infographic.ts.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing shell commands via npx and bun to run its main conversion logic. While this is part of its primary function, it involves spawning subprocesses for script execution.
- [DATA_EXFILTRATION] (LOW): As an indirect prompt injection surface, the skill ingests untrusted Markdown data and produces HTML. Extension logic in infographic.ts and plantuml.ts injects content into the resulting HTML with minimal sanitization, which could lead to XSS or SSRF if the output is rendered in a browser or processed by subsequent tools.
Recommendations
- AI detected serious security threats
Audit Metadata