markdown-to-pdf
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires standard Python packages
mistuneandreportlab. These are reputable libraries from the official Python Package Index (PyPI). - [COMMAND_EXECUTION]: The skill uses
uv runto execute a local Python script for the conversion process. This is a standard execution pattern for this environment. - [SAFE]: The Python script implements specific security-conscious rendering logic. It explicitly ignores HTML tags (
block_html,inline_html) and images (image) provided in the markdown input, effectively preventing the loading of remote assets or the execution of embedded scripts. - [SAFE]: The script uses a runtime font discovery mechanism that searches local system paths for common fonts on macOS, Linux, and Windows, rather than downloading them from remote sources.
Audit Metadata