opc-markdown-to-html

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically loads and executes JavaScript modules from an external CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) using the import() function. This occurs in the syntax highlighting utility to support additional programming languages not bundled with the skill. Loading executable code from an unverified third-party source at runtime poses a significant security risk as the remote content could be modified to include malicious logic.
  • [EXTERNAL_DOWNLOADS]: The skill automatically fetches remote images from URLs provided within the Markdown input files. These images are downloaded using Node.js HTTP/HTTPS modules and stored in a local temporary directory for the duration of the conversion process.
  • [PROMPT_INJECTION]: The skill processes untrusted Markdown content provided as input, creating a surface for indirect prompt injection.
      • Ingestion points: Input Markdown files provided by the user via the command-line interface (processed in scripts/main.ts).
      • Boundary markers: None identified; the skill processes the entire content of the provided Markdown file.
      • Capability inventory: The skill has capabilities for file system read/write and network operations (image downloads and dynamic JS imports), and can be executed via the agent's shell environment (using bun or npx).
      • Sanitization: The skill uses the marked and remark libraries to parse Markdown, which provide structural validation, but custom extensions such as those for PlantUML and Infographics process block content that could be manipulated.
  • [UNVERIFIABLE_DEPENDENCIES]: The skill's rendering logic attempts to dynamically import several packages that are not explicitly listed in its package.json dependencies, such as mermaid and @antv/infographic. This relies on these packages being present in the environment's global scope or a parent directory's node_modules, which is an unreliable and potentially unsafe practice.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 11:43 AM