markdown2wechat
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/convert.jsexecutesnpm installviachild_process.execSync. This is used to dynamically install its functional dependencies into a local temporary folder at runtime. - [EXTERNAL_DOWNLOADS]: The skill fetches the
markedandjuicepackages from the public npm registry during the conversion process if they are not already present in the execution environment.
Audit Metadata