md-to-pdf
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
NO_CODE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from markdown files without specified boundary markers or sanitization. Combined with its file-writing capability (outputting PDFs), this creates a significant attack surface where malicious content could influence agent behavior or exploit the conversion process.
- No Code (HIGH): The critical logic file 'scripts/md-to-pdf.py' is not included in the skill package, which prevents inspection for malicious behavior, network exfiltration, or unsafe command execution.
- External Downloads (MEDIUM): The use of 'uv run' implies that the environment will resolve and download dependencies such as 'reportlab' from public package repositories at runtime, introducing potential supply chain risk.
- Command Execution (LOW): Documentation indicates the skill operates by executing a Python script via a CLI tool.
Recommendations
- AI detected serious security threats
Audit Metadata