Markdown to HTML Converter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local Markdown-to-HTML converter, with the main caveat that its HTML output should not be treated as sanitized or safe for untrusted web publishing.

Reasonable to install for converting trusted Markdown locally. Do not publish output from untrusted Markdown, LLM responses, or user submissions directly to a website or CMS without adding a real HTML sanitizer and URL/attribute policy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly promotes converting LLM- or user-generated Markdown into HTML for direct publication to a CMS, but the documentation only mentions escaping in code blocks and does not warn that generated HTML may contain unsafe content. In this context, users may assume the converter output is safe for browser rendering and database insertion, creating a realistic path to stored XSS or malicious HTML injection if raw Markdown content is attacker-controlled.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal