md2docx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill contains a hardcoded trial API key (f4e8fe6f-e39e-486f-b7e7-e037d2ec216f) within the documentation, which could lead to credential abuse or exposure.
- [DATA_EXFILTRATION] (HIGH): The skill transmits user-provided markdown content to a third-party domain (api.deepshare.app) that is not included in the trusted whitelist. This poses a risk for the exfiltration of sensitive information contained within the documents.
- [COMMAND_EXECUTION] (LOW): The skill instructions direct the agent to execute a local Python script (scripts/convert.py) to facilitate the conversion, which is a standard operational procedure but relies on the integrity of the local script.
- [PROMPT_INJECTION] (MEDIUM): There is an indirect prompt injection surface as the skill processes external markdown content without explicit boundary markers or sanitization, potentially allowing malicious instructions embedded in the markdown to influence agent behavior.
Recommendations
- AI detected serious security threats