skills/steveclarke/dotfiles/md-to-pdf/Gen Agent Trust Hub

md-to-pdf

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands and binaries, including Chrome/Chromium for PDF rendering and the system's 'open' or 'xdg-open' utility to display the resulting file.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it processes external markdown content which may contain malicious HTML, CSS, or scripts designed to target the rendering engine.
      ◦ Ingestion points: User-provided markdown files processed by scripts/md-to-pdf.cjs and the scripts/md-to-pdf shell script.
      ◦ Boundary markers: None identified to isolate untrusted input from the rendering engine's context.
      ◦ Capability inventory: The skill performs local file system operations (read, write, delete) and executes browser-based rendering processes with access to local files via the file:// protocol.
      ◦ Sanitization: The Node.js script uses the 'he' library to escape metadata in the PDF footer and includes a configuration to disable script execution within the crossnote engine. However, the standalone Bash script uses the 'marked' utility without explicit sanitization before rendering content in Chrome.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 11:53 AM