md-to-html
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script
.github/muscles/md-to-html.cjsusing Node.js and relies on external binaries includingpandocand@mermaid-js/mermaid-clito perform file conversions. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown data which could contain malicious HTML, scripts, or instructions designed to influence the agent's behavior during the conversion process.
- Ingestion points: Markdown source files (e.g.,
report.md,*.md) provided as command-line arguments to the script. - Boundary markers: The system treats the entire Markdown file as data to be converted; no explicit boundary markers or instruction isolation for the processed content are visible in the skill description.
- Capability inventory: The skill has the ability to read and write files on the local system and execute shell commands (
pandoc,node,mmdc). - Sanitization: The conversion acceptance table explicitly mentions validating HTML and rejecting content containing scripts from untrusted sources, providing a layer of defense against malicious input.
Audit Metadata