
md2pdf

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/md2pdf.sh executes shell commands including pandoc and xelatex. While these are the primary functions of the skill, they represent a powerful execution environment.
  • [DATA_EXFILTRATION]: The skill is susceptible to local file read via LaTeX injection. A malicious Markdown file can contain LaTeX commands (e.g., in the title or body) that the underlying XeLaTeX engine will execute during conversion, potentially embedding the content of sensitive local files into the generated PDF output.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Markdown files (.md) processed by the md2pdf.sh script.
      • Boundary markers: None. The script extracts the document title directly from the first H1 header using grep and sed without sanitization, passing it directly into a LaTeX template.
      • Capability inventory: Executes pandoc and xelatex via shell. Writes PDF files to the pdf/output/ directory.
      • Sanitization: No sanitization or escaping is performed on the Markdown content or the extracted title before it is processed by the LaTeX engine, allowing arbitrary LaTeX command injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 02:09 PM