baoyu-markdown-to-html
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Dynamically imports and executes JavaScript modules for syntax highlighting from an external CDN (
cdn-doocs.oss-cn-shenzhen.aliyuncs.com) using theimport()function at runtime inscripts/vendor/baoyu-md/src/utils/languages.ts. - [EXTERNAL_DOWNLOADS]: Fetches and downloads remote images from URLs specified within input markdown files to a local directory for processing, as documented in
scripts/vendor/baoyu-md/src/images.ts. - [DATA_EXFILTRATION]: Sends markdown content contained within PlantUML code blocks to a remote rendering server (
plantuml.com) to generate diagram images, as seen inscripts/vendor/baoyu-md/src/extensions/plantuml.ts. - [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface by processing untrusted markdown data without robust sanitization or explicit boundary markers.
- Ingestion points: Reads user-provided markdown files via the
inputPathparameter inscripts/main.ts. - Boundary markers: Absent; the skill does not wrap interpolated data in markers or include instructions to ignore embedded commands.
- Capability inventory: Includes file system read/write access, network operations (HTTP/HTTPS GET and fetch), and dynamic execution of scripts.
- Sanitization: Lacks a dedicated HTML sanitizer for the main output body; sanitization is only applied to metadata summary fields using basic regular expressions.
- Ingestion points: Reads user-provided markdown files via the
- [COMMAND_EXECUTION]: Instructs the agent to execute shell commands using the
bunruntime ornpxto perform the markdown-to-html conversion.
Audit Metadata