Skills
skills/freestylefly/canghe-skills/canghe-markdown-to-html/Gen Agent Trust Hub

canghe-markdown-to-html

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/md/utils/languages.ts uses dynamic import() to fetch and execute JavaScript language packages from a remote CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) at runtime.
  • [COMMAND_EXECUTION]: The main entry point scripts/main.ts uses spawnSync to run a secondary render script via npx and bun, which can be exploited if path parameters are manipulated.
  • [EXTERNAL_DOWNLOADS]: The downloadFile function in scripts/main.ts retrieves images from arbitrary external URLs found in the markdown input, which could facilitate SSRF (Server-Side Request Forgery).
  • [EXTERNAL_DOWNLOADS]: The script scripts/md/extensions/infographic.ts attempts to dynamically import the @antv/infographic package, which is not declared in the skill's package.json manifest.
  • [DATA_EXFILTRATION]: The skill processes untrusted markdown content into HTML output. Ingestion points: Markdown file path provided via command-line arguments. Boundary markers: None; the entire file content is parsed. Capability inventory: Command execution via spawnSync, file system operations (fs.writeFileSync), and network requests via https.get/http.get. Sanitization: Uses the marked library for parsing but does not implement strict content security policies for generated HTML.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 24, 2026, 11:23 AM