md-2-pdf

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Markdown-to-PDF converter, with a normal caution that Markdown image links can include local image files in the generated PDF.

Install is reasonable if you want a local Markdown-to-PDF tool. Use it on Markdown files you trust, choose output paths deliberately, and be careful with Markdown from other people or automated sources because image links can pull local image files into the generated PDF.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: This converter honors markdown image paths and reads local files from either the markdown file’s directory or an absolute/relative path supplied in the document. In an agent context, that means untrusted markdown can cause the tool to access and embed arbitrary local files that happen to parse as images, which exceeds a text-to-PDF role and can leak sensitive local content or probe filesystem existence.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal