markdown-to-pdf

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains multiple directives aimed at overriding platform-level instructions and safety protocols. These include instructions to "Ignore Claude-specific mode-switch instructions" and the use of forceful language like "MANDATORY IMPORTANT MUST CRITICAL" to prevent the agent from deviating from the provided protocol.
  • [COMMAND_EXECUTION]: The script scripts/lib/chrome-finder.cjs executes shell commands using child_process.execSync to locate browser binaries (e.g., which google-chrome).
  • [COMMAND_EXECUTION]: The scripts/lib/output-handler.cjs module performs file system modifications, including directory creation via fs.mkdirSync, based on user-controlled output paths.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references a setup process involving an install.sh script which is not included in the source files, making its behavior unverifiable. Furthermore, the skill is designed to download the Chromium browser (~150MB) if it is not found on the local system.
  • [REMOTE_CODE_EXECUTION]: The skill processes untrusted Markdown content and YAML frontmatter through the md-to-pdf and gray-matter libraries. This represents a potential attack surface for indirect prompt injection or exploitation of parsing vulnerabilities (e.g., in the underlying js-yaml library used for frontmatter).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 14, 2026, 11:50 PM