md-to-pdf
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/md_to_pdf.py contains a check_dependencies() function that automatically executes pip install via subprocess.check_call to install missing packages (reportlab, markdown, beautifulsoup4, html5lib) at runtime. This allows for unverified code execution from a remote registry during the skill's initialization phase.
- [COMMAND_EXECUTION]: The skill uses subprocess.check_call to interact with the system's package manager (pip). This pattern of spawning subprocesses to modify the environment is a high-risk activity often associated with privilege escalation or environment poisoning.
- [EXTERNAL_DOWNLOADS]: The script uses urllib.request.urlopen to download images from arbitrary HTTP/HTTPS URLs provided within Markdown files. These downloads are saved to temporary files and processed, which can be used to trigger Server-Side Request Forgery (SSRF) or deliver malicious payloads via image processing vulnerabilities.
- [DATA_EXFILTRATION]: The script explicitly searches for and reads local files, including those with absolute paths or paths relative to the Markdown file being processed. This capability, combined with its ability to make external network requests for images, creates a pathway for reading sensitive local files and potentially leaking their metadata or contents through external requests.
Recommendations
- AI detected serious security threats