baoyu-markdown-to-html

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file scripts/vendor/baoyu-md/src/utils/languages.ts contains logic to dynamically download and execute JavaScript language definitions from an external CDN (https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com). It uses the dynamic import() statement on a URL constructed using language names extracted from the user-provided Markdown content.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch remote content. Specifically, scripts/vendor/baoyu-md/src/images.ts downloads images from arbitrary URLs using a custom downloadFile function, and scripts/vendor/baoyu-md/src/extensions/plantuml.ts fetches SVG content from a PlantUML server.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown data and renders it into a structured HTML output without explicit boundary markers (e.g., delimiters or safety instructions) to prevent the AI agent from obeying instructions embedded in the document. Evidence of this ingestion surface is found in scripts/vendor/baoyu-md/src/renderer.ts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 1, 2026, 01:03 PM