markdown-novel-viewer
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure path validation in `scripts/lib/http-server.cjs` using `path.resolve()` and mandatory `startsWith()` checks against a whitelist of allowed directories. This prevents directory traversal attacks even when serving local files.
- [SAFE]: External dependencies (`marked`, `highlight.js`, and `gray-matter`) are standard, well-maintained libraries for markdown parsing, syntax highlighting, and frontmatter handling.
- [SAFE]: The server binding behavior is transparent and safe, defaulting to `localhost`. Remote access capabilities (binding to `0.0.0.0`) are documented and require explicit user-provided CLI arguments.
- [SAFE]: Error handling includes logic to sanitize error messages, replacing absolute system paths with placeholders to prevent information leakage about the host filesystem structure.
- [SAFE]: Browser interaction is performed using platform-specific commands (`open`, `start`, `xdg-open`), and URLs are constructed with proper encoding of user-provided paths to prevent shell injection vulnerabilities.
Audit Metadata