Skills
skills/jimliu/baoyu-skills/baoyu-markdown-to-html/Gen Agent Trust Hub

baoyu-markdown-to-html

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (MEDIUM): The file scripts/md/utils/languages.ts dynamically imports JavaScript modules from an external CDN (https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com) at runtime.
  • Evidence: const module = await import(/* @vite-ignore */ grammarUrlFor(language)) where grammarUrlFor points to an Alibaba Cloud OSS bucket. This bypasses static analysis and allows the execution of arbitrary code if the CDN is compromised.
  • External Downloads (LOW): The skill fetches content from external services for rendering diagrams.
  • Evidence: scripts/md/extensions/plantuml.ts fetches SVG content from https://www.plantuml.com/plantuml using the fetch API. While the source is standard for PlantUML, fetching and injecting external SVG data into the output is a known vector for XSS if not properly sanitized.
  • Indirect Prompt Injection (LOW): The skill processes untrusted Markdown files which could contain malicious payloads targeting the rendering engine or the end-user's viewing environment (e.g., WeChat).
  • Ingestion points: Input markdown file path provided as a CLI argument to scripts/main.ts.
  • Boundary markers: Absent; the skill reads and processes the entire file content.
  • Capability inventory: File system write access (article.html), execution of TypeScript via bun, and network access for external resources.
  • Sanitization: Relies on the marked library for parsing. No explicit sanitization or stripping of dangerous HTML tags (like <script>) is visible in the provided logic.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 04:35 PM