Skills
skills/zephyrwang6/draw-skill/markdown-to-image/Gen Agent Trust Hub

markdown-to-image

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external Markdown content and renders it into HTML for image generation. The lack of robust sanitization on input data creates a surface where malicious formatting or embedded HTML tags could influence the output or the rendering environment.
  • Ingestion points: Markdown files read via the --file argument in scripts/md2img.py and scripts/md_to_image.py.
  • Boundary markers: No delimiters or warnings are used to isolate untrusted content during prompt interpolation or rendering.
  • Capability inventory: The skill has file system access (read/write), network capabilities (via requests), and browser automation control (via playwright).
  • Sanitization: The scripts use basic regular expressions to replace specific Markdown syntax with HTML tags, but do not perform comprehensive sanitization or escaping of the input content.
  • [EXTERNAL_DOWNLOADS]: The scripts fetch external resources during execution.
  • Downloads font styles from Google's public font service during the rendering process.
  • Retrieves video thumbnails from YouTube's CDN (i.ytimg.com) and metadata from noembed.com.
  • [COMMAND_EXECUTION]: The skill utilizes the playwright library to launch and manage a Chromium browser instance to perform the conversion of HTML templates into PNG images.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:30 AM