markdown-to-pdf
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The required runtime workflow reads the operating user–supplied
input.mdfrom the local filesystem (raw_md = input_file.read_text(...)) and passes it intomistune(md(raw_md)), so any free-form text in that markdown file (authored by an outsider) becomes LLM-readable content via the renderer’stext()/heading()/paragraph()/block_code()/table_cell()methods.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata