pdf-composer

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted input.
      • Ingestion points: The skill reads the entire content of a user-provided Markdown file in src/index.ts and passes it to the rendering engine.
      • Boundary markers: No boundary markers or instructions are used to distinguish between user data and instructions during the rendering phase.
      • Capability inventory: The skill utilizes puppeteer in src/lib.ts to render HTML. Puppeteer is capable of executing JavaScript and making network requests (e.g., via waitUntil: 'networkidle0').
      • Sanitization: Markdown content is parsed by the marked library and directly embedded into an HTML template in src/lib.ts without sanitization, allowing for potential HTML/JavaScript injection within the browser instance.
  • [EXTERNAL_DOWNLOADS]: The skill uses dependencies that trigger the download of external executable binaries.
      • Evidence: The package.json and package-lock.json files include puppeteer and phantomjs-prebuilt (via markdown-pdf). These packages are known to download browser binaries (Chromium and PhantomJS) during installation to perform document rendering.
  • [COMMAND_EXECUTION]: The skill executes a browser process with a significantly reduced security posture.
      • Evidence: In src/lib.ts, the browser is launched with the --no-sandbox and --disable-setuid-sandbox flags. These flags disable core security isolation features of the browser, increasing the risk if malicious content is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 11:16 PM