Back to skill

Security audit

Md To Share

Security checks across malware telemetry and agentic risk

Overview

This Markdown-to-image skill is mostly purpose-aligned, but it renders unsanitized Markdown/HTML in a network-enabled browser and uses broad agent trigger wording that could cause unintended processing or sharing.

Review generated images before sending them anywhere, and avoid running this on untrusted Markdown unless you are comfortable with embedded HTML or remote resources causing browser network requests. Install only from a trusted source because setup may download Chromium and npm dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This is a real issue. The tool renders attacker-controlled Markdown/HTML with `page.setContent(..., { waitUntil: 'networkidle' })`, so `<img>`, remote CSS, or other fetch-capable elements embedded in the Markdown can cause outbound network requests during rendering. In an agent context, this can leak that a file was processed, expose the runner's IP/environment to third parties, and potentially enable SSRF-style access to internal services reachable from the host browser context.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill advertises broad activation phrases like "forward", "share", "convert to image", and "generate long image", which are ambiguous and likely to appear in ordinary conversation. In an agent setting, this can cause unintended invocation on user content or files the user did not explicitly ask to transform, leading to surprising actions, accidental disclosure through generated images, or misuse of downstream send/share workflows.

Vague Triggers

Low
Confidence
88% confidence
Finding
The example phrase "make it easy to forward" is vague and can match many harmless user intents unrelated to markdown-to-image conversion. While this is only an example, examples often guide agent routing behavior, so vague wording increases the chance of over-triggering the skill in contexts where the user did not clearly request file conversion.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.