markdown-to-pdf

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires standard Python packages mistune and reportlab. These are reputable libraries from the official Python Package Index (PyPI).
  • [COMMAND_EXECUTION]: The skill uses uv run to execute a local Python script for the conversion process. This is a standard execution pattern for this environment.
  • [SAFE]: The Python script implements specific security-conscious rendering logic. It explicitly ignores HTML tags (block_html, inline_html) and images (image) provided in the markdown input, effectively preventing the loading of remote assets or the execution of embedded scripts.
  • [SAFE]: The script uses a runtime font discovery mechanism that searches local system paths for common fonts on macOS, Linux, and Windows, rather than downloading them from remote sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 12:24 AM
Security Audit — agent-trust-hub — markdown-to-pdf