md-to-pdf
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/setup.sh` script executes commands with administrative privileges (`sudo apt-get install`) to install system dependencies, which is a high-risk operation for an agent skill.
- [COMMAND_EXECUTION]: The `scripts/md_to_pdf.py` script uses `subprocess.run` to execute various external binaries (`mmdc`, `pandoc`, `node`) to process user-provided markdown content.
- [EXTERNAL_DOWNLOADS]: The setup script performs global installations of packages from external registries using `npm install -g` and `pip install`, and triggers the download of the Chromium browser binary.
- [PROMPT_INJECTION]: The skill processes untrusted markdown data through multiple rendering stages (Mermaid, KaTeX, Playwright/Chromium), presenting a significant surface for indirect prompt injection.
- Ingestion points: The main script `scripts/md_to_pdf.py` reads content directly from the user-provided markdown file.
- Boundary markers: No security delimiters or warnings are used to prevent the downstream rendering engines from interpreting malicious instructions embedded in the markdown.
- Capability inventory: The conversion process involves file system writes, external command execution, and a headless browser capable of local file access and network requests.
- Sanitization: The skill lacks validation or sanitization of the input markdown, Mermaid diagrams, or LaTeX equations before they are passed to external processors.
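The subprocess, headless-browser and sanitization findings above describe what a safer pipeline would need without showing one. The following is an added example, not code from the md-to-pdf skill or from this audit: hypothetical helpers (`scan_markdown`, `safe_input_path`, `run_renderer`, `convert`) that confine the input path to an allowed directory, reject markdown constructs a browser-backed renderer would act on (raw `<script>`/`<iframe>` tags, `file://` and `javascript:` URIs, links to absolute local paths), and invoke an external converter with a fixed argv, no shell, a scrubbed environment, a confined working directory and a timeout. The regexes are an assumption about what such a pipeline passes through, and the Python interpreter used as a stand-in renderer in the demo is not mmdc, pandoc or node.

```python
# Added example, not the skill's own code. scan_markdown, safe_input_path,
# run_renderer and convert are hypothetical helpers; the patterns below are an
# assumption about what a markdown -> HTML -> Chromium pipeline passes through.
import os
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Raw HTML that a markdown-to-HTML stage passes through and the browser executes.
RAW_HTML_TAGS = re.compile(r"<\s*(script|iframe|object|embed|link|meta|base)\b", re.I)
# URI schemes that let the browser stage read local files or run script.
UNSAFE_URIS = re.compile(r"\b(file://|javascript:)", re.I)
# Markdown link/image targets that point at an absolute local path (not //host).
LOCAL_ABS_REF = re.compile(r"\]\(\s*/(?!/)")


def scan_markdown(text: str) -> list[str]:
    """Return reasons to reject the document; an empty list means it passed.

    Ordinary fenced code is skipped because the HTML stage escapes it, but
    ```mermaid fences are still scanned: their body is executed by mmdc.
    """
    findings = []
    in_fence = False
    fence_is_rendered = False
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("```"):
            if not in_fence:
                in_fence = True
                fence_is_rendered = stripped[3:].strip().lower() == "mermaid"
            else:
                in_fence = False
            continue
        if in_fence and not fence_is_rendered:
            continue
        if RAW_HTML_TAGS.search(line):
            findings.append(f"line {lineno}: raw HTML tag reaches the browser stage")
        if UNSAFE_URIS.search(line):
            findings.append(f"line {lineno}: file:// or javascript: URI")
        if LOCAL_ABS_REF.search(line):
            findings.append(f"line {lineno}: link or image to an absolute local path")
    return findings


def safe_input_path(user_path: str, allowed_root: Path) -> Path:
    """Resolve a user-supplied path and refuse anything outside allowed_root."""
    root = allowed_root.resolve()
    candidate = Path(user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"{user_path!r} resolves outside {root}")
    return candidate


def run_renderer(argv: list[str], stdin: bytes, workdir: Path, timeout: int = 60) -> bytes:
    """Run one converter with a fixed argv, no shell, scrubbed env and a timeout.

    argv[0] is an absolute path chosen by the caller, never taken from the
    document; the document itself only ever travels through stdin.
    """
    env = {k: os.environ[k] for k in ("PATH", "LANG", "HOME") if k in os.environ}
    result = subprocess.run(argv, input=stdin, capture_output=True, cwd=workdir,
                            env=env, timeout=timeout, shell=False)
    if result.returncode != 0:
        raise RuntimeError(result.stderr.decode("utf-8", "replace")[:500])
    return result.stdout


def convert(md_path: str, allowed_root: Path, argv: list[str], workdir: Path) -> bytes:
    """Full gate: confine the path, scan the content, then render."""
    path = safe_input_path(md_path, allowed_root)
    text = path.read_text(encoding="utf-8")
    problems = scan_markdown(text)
    if problems:
        raise ValueError("rejected markdown: " + "; ".join(problems))
    return run_renderer(argv, text.encode("utf-8"), workdir)


if __name__ == "__main__":
    # Constructed sample documents; the stand-in "renderer" is this interpreter
    # echoing stdin upper-cased, not mmdc/pandoc/node.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ok.md").write_text("# Hello\n\nplain text\n", encoding="utf-8")
        (root / "bad.md").write_text("# Hi\n<script>alert(1)</script>\n", encoding="utf-8")
        echo = [sys.executable, "-c", "import sys; sys.stdout.write(sys.stdin.read().upper())"]
        print(convert(str(root / "ok.md"), root, echo, root))
        try:
            convert(str(root / "bad.md"), root, echo, root)
        except ValueError as exc:
            print(exc)
```

The scanner rejects rather than strips, so the decision stays visible to the calling agent instead of silently altering the document. The environment is rebuilt from a short allow-list so that API keys, proxy settings and interpreter hooks in the agent's process do not reach mmdc, pandoc or node, and the working directory is the confined temp directory rather than wherever the agent happens to be running.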
Recommendations
- AI detected serious security threats
Audit Metadata