md2pdf-export

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup/install steps fetch and execute remote install scripts at runtime (e.g., curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash and curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -), which runs remote code to install required dependencies (Node.js/Puppeteer) needed for the skill to operate.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs installing system packages (including sudo apt-get install lines), running installer scripts that modify the system, and explicitly mentions bypassing Chrome sandbox (--no-sandbox), which pushes changes and security-workarounds on the host.