md2docx

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains a hardcoded trial API key ('f4e8fe6f-e39e-486f-b7e7-e037d2ec216f') in both the SKILL.md metadata and the scripts/convert.py script. While documented as a trial key, it represents a hardcoded credential in the codebase.
  • [DATA_EXFILTRATION]: The skill transmits the full content of user-provided markdown files to an external API (api.deepshare.app) and references a secondary domain (ds.rick216.cn). These domains are not part of the trusted or well-known services lists.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted markdown content that could contain malicious instructions.
      • Ingestion points: User-provided markdown files are read directly into memory in scripts/convert.py.
      • Boundary markers: The script does not use any delimiters or protective instructions to prevent the agent from obeying commands embedded within the markdown content.
      • Capability inventory: The skill has the ability to perform network POST requests and write files to the local file system.
      • Sanitization: No validation or sanitization is performed on the markdown content before it is processed or sent to the external API.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 06:12 AM