md2pdf-export
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes installation scripts from NodeSource and the NVM GitHub repository to set up the Node.js environment.
- [COMMAND_EXECUTION]: Uses
sudoto install system-level dependencies on Debian, RHEL, and other Linux distributions. - [COMMAND_EXECUTION]: Modifies user shell profile files (
~/.bashrcand~/.zshrc) to persist changes to the system PATH by adding the npm global binaries directory. - [COMMAND_EXECUTION]: Allows the injection of arbitrary command-line arguments into the Chromium browser instance through the
puppeteer.argsfield in a Markdown file's YAML front-matter. - [EXTERNAL_DOWNLOADS]: Downloads multiple Node.js packages and a bundled Chromium browser binary during the environment setup and installation phase.
- [PROMPT_INJECTION]: Processes untrusted Markdown content and renders it in a headless browser environment with HTML and script execution capabilities, creating a surface for indirect prompt injection if the source data is malicious.
- Ingestion points: Reads local Markdown files (
.md) provided via CLI or front-matter. - Boundary markers: None identified; the content is rendered as HTML directly.
- Capability inventory: File system access (read/write), network access (via Puppeteer), and browser execution.
- Sanitization: No specific sanitization or filtering of embedded HTML or scripts in the Markdown source is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_lts.x, https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh, https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata