lovstudio-any2pdf
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/md2pdf.pydownloads emoji assets from the well-known CDNcdnjs.cloudflare.comto support inline emoji rendering. It also allows for the downloading of remote images referenced within the Markdown source file via standard HTTP/HTTPS requests. - [INDIRECT_PROMPT_INJECTION]: The skill ingests Markdown content which represents a potential attack surface if the source data is untrusted.
- Ingestion points: The script
scripts/md2pdf.pyreads the entire content of the input Markdown file for processing. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the Markdown source content.
- Capability inventory: The skill possesses capabilities for local file system access (reading the source, writing to a temporary cache) and network access for asset retrieval.
- Sanitization: The script implements an
escfunction that performs standard XML entity escaping on text before it is rendered into the PDF paragraphs.
Audit Metadata