Gongwen Formatter

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Markdown-to-Word formatter, but it automatically fetches image URLs from input without network or size safeguards, which is risky in agent or server use.

Install only if you control or trust the Markdown being converted, or run it in an environment where outbound network access is restricted. Avoid using it on untrusted Markdown until remote image fetching is opt-in or constrained by URL allowlists, private-network blocking, and download size limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code fetches attacker-controlled image URLs from Markdown input using urllib.request.urlopen(), which creates an SSRF-style network primitive during document conversion. In an agent or server context, this can trigger unexpected outbound requests to internal services, cloud metadata endpoints, or sensitive network locations, and it does so automatically when rendering otherwise untrusted content.

Known Vulnerable Dependency: markdown-it-py — 4 advisory(ies): CVE-2023-26302 (markdown-it-py Denial of Service vulnerability in the command line interface); CVE-2023-26303 (markdown-it-py Denial of Service vulnerability); CVE-2023-26302 (Denial of service could be caused to the command line interface of markdown-it-p) +1 more

High

Category: Supply Chain
Confidence: 89% confidence
Finding: markdown-it-py

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal