md-to-pdf
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): No malicious behavior, obfuscation, or hardcoded credentials detected.
- [EXTERNAL_DOWNLOADS] (SAFE): Downloads standard dependencies via npm during setup.
- [PROMPT_INJECTION] (LOW): Potential indirect prompt injection surface as the skill processes user-supplied markdown files. Evidence: 1. Ingestion: input.md via script argument in md-to-pdf.mjs. 2. Boundaries: No explicit boundary markers or instructions to ignore embedded content are mentioned. 3. Capabilities: Local file-write capability to create the output PDF. 4. Sanitization: Not explicitly documented in the metadata; relies on the underlying crossnote engine for rendering.
Audit Metadata