markdown-to-pdf

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The required runtime workflow reads the operating user–supplied input.md from the local filesystem (raw_md = input_file.read_text(...)) and passes it into mistune (md(raw_md)), so any free-form text in that markdown file (authored by an outsider) becomes LLM-readable content via the renderer’s text()/heading()/paragraph()/block_code()/table_cell() methods.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 12:24 AM
Issues
1
Security Audit — snyk — markdown-to-pdf