lovstudio-any2pdf

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/md2pdf.py downloads emoji assets from the well-known CDN cdnjs.cloudflare.com to support inline emoji rendering. It can also download remote images referenced in the Markdown source file via standard HTTP/HTTPS requests.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests Markdown content which represents a potential attack surface if the source data is untrusted.
      • Ingestion points: The script scripts/md2pdf.py reads the entire content of the input Markdown file for processing.
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the Markdown source content.
      • Capability inventory: The skill possesses capabilities for local file system access (reading the source, writing to a temporary cache) and network access for asset retrieval.
      • Sanitization: The script implements an esc function that performs standard XML entity escaping on text before it is rendered into the PDF paragraphs.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 04:35 AM