skills/mathews-tom/armory/md-to-pdf/Gen Agent Trust Hub

md-to-pdf

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/md_to_pdf.py executes the pandoc, mmdc, and node binaries using subprocess.run. Additionally, the scripts/setup.sh utility utilizes sudo for system package installation.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script installs software dependencies from the official Debian APT, NPM, and PyPI registries.
  • [REMOTE_CODE_EXECUTION]: The conversion pipeline employs Playwright (headless Chromium) to render HTML content derived from user-provided Markdown. Processing untrusted content in a browser engine presents a potential risk of local file access or script execution if malicious payloads are processed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of external Markdown files.
      • Ingestion points: The scripts/md_to_pdf.py script reads the entire content of user-supplied Markdown files.
      • Boundary markers: None; user data is processed without isolation delimiters or safety instructions.
      • Capability inventory: The skill can execute shell commands and utilize a web browser engine for rendering.
      • Sanitization: No input validation or content filtering is performed on the Markdown source.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 06:25 AM