baoyu-markdown-to-html

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The script scripts/md/utils/languages.ts dynamically imports JavaScript grammars for syntax highlighting from a CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) that is not among the whitelisted trusted sources.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The use of dynamic import() on URLs computed from external CDN paths allows the execution of remote code that is not part of the skill's static distribution.
  • [DATA_EXFILTRATION] (LOW): The PlantUML extension (scripts/md/extensions/plantuml.ts) encodes and sends user-provided diagram source code to www.plantuml.com to fetch rendered images or SVG content.
  • [COMMAND_EXECUTION] (SAFE): The execution of the conversion script via npx -y bun is a standard practice for this skill's functionality and occurs locally on the provided markdown files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 01:42 PM