Skills
skills/duc01226/easyplatform/markdown-to-pdf/Gen Agent Trust Hub

markdown-to-pdf

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/lib/chrome-finder.cjs invokes the which utility through child_process.execSync to locate Chrome or Chromium binaries on Unix-like systems. This operation uses a static command string and does not incorporate untrusted input.
  • [PROMPT_INJECTION]: The skill ingests untrusted Markdown and CSS files provided by the user. Instructions in SKILL.md encourage the agent to read these files, creating a vulnerability to indirect prompt injection. 1. Ingestion points: Markdown and CSS files are read into the application context via scripts/lib/config-loader.cjs. 2. Boundary markers: No delimiters or explicit instructions are provided to the agent to treat file content as untrusted data. 3. Capability inventory: The skill can read from and write to the local file system and execute Node.js conversion scripts. 4. Sanitization: The skill does not sanitize or escape the Markdown content before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 02:51 AM