baoyu-markdown-to-html

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically downloads and executes external JavaScript code for syntax highlighting.
      • Evidence: In scripts/md/utils/languages.ts, the loadAndRegisterLanguage function uses the import() function to load and execute language modules from a remote URL (https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com/npm/highlightjs/11.11.1/es/languages/${language}.min.js) based on the language specified in markdown code blocks.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to fetch external assets.
      • Evidence: The downloadFile function in scripts/main.ts uses the http and https modules to download remote images referenced in markdown files to a temporary directory.
      • Evidence: The markedPlantUML extension in scripts/md/extensions/plantuml.ts communicates with www.plantuml.com to generate and optionally fetch diagram assets.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 20, 2026, 06:31 AM