md-to-pdf
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Privilege Escalation (MEDIUM): The Prerequisites section instructs the user to run 'sudo tlmgr install' to add LaTeX packages. Using 'sudo' grants administrative privileges and is a high-risk operation. This finding is downgraded from HIGH to MEDIUM as it is associated with the primary setup purpose of the skill.
- Indirect Prompt Injection (LOW): The skill processes untrusted markdown content (INPUT.md) using the xelatex engine, which could be exploited to include local files or execute LaTeX macros if the input is malicious. 1. Ingestion points: INPUT.md file content. 2. Boundary markers: Absent; no delimiters or ignore-instructions are used. 3. Capability inventory: Accesses local resources via --resource-path and renders documents using the xelatex engine. 4. Sanitization: Absent; input is passed directly to pandoc.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires external software like pandoc and basictex to be installed via Homebrew. These are well-known tools from trusted sources, so the dependency risk is downgraded per the trust scope rule.
Audit Metadata