markdown-to-pdf
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The conversion script uses the WeasyPrint library to render HTML derived from Markdown. By default, WeasyPrint may attempt to resolve and fetch external resources (such as images via
<img>tags or external stylesheets) embedded in the Markdown content. If the skill processes untrusted Markdown data, this could be used to trigger outbound network requests or potentially leak information via SSRF. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown content without sanitization.
- Ingestion points: Markdown files provided by the user and custom CSS files passed via the
--cssargument are read and processed byscripts/convert.py. - Boundary markers: None. The script reads the raw text of the input files and converts it directly to HTML and then PDF.
- Capability inventory: The script has the capability to read any local file accessible to the agent (via
Path.read_text()), create directories (os.makedirs()), and perform network operations through the PDF rendering engine. - Sanitization: There is no HTML sanitization (e.g., using
bleach) between the Markdown-to-HTML conversion and the PDF generation step. This allows arbitrary HTML/CSS to be passed to WeasyPrint.
Audit Metadata