Back to skill

Security audit

HTML to PDF

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: converts local HTML or web pages to PDFs, with some setup guidance users should treat cautiously.

Install Puppeteer from a trusted npm environment, keep Chromium sandboxing enabled, and avoid using the no-sandbox or quarantine-removal workarounds unless you understand the risk and are in an isolated environment. Be careful converting untrusted URLs or HTML files, since the browser will load that content and write a PDF to the path you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly supports converting remote URLs and writing PDFs to disk, but the documentation does not warn users that invoking it will trigger outbound network requests and local file creation. In an agent setting, this can lead to unintended data egress, access to attacker-controlled URLs, SSRF-like behavior against internal resources, or unauthorized file writes when the tool is selected automatically based on the skill description.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup guide recommends launching Chromium with '--no-sandbox' to work around headless mode issues, but provides no warning that this disables a major browser security boundary. In a skill that renders arbitrary HTML and URLs via Puppeteer, users may process untrusted content, making sandbox removal materially increase the risk of browser compromise affecting the host environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions tell users to remove the macOS quarantine attribute from Chrome to bypass execution restrictions without explaining the trust implications. Quarantine is a security control meant to flag untrusted downloaded binaries, and removing it can lead users to run software they have not properly verified.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.