
Security audit

Markdown to HTML Converter

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Markdown conversion skill with broad but disclosed static-site and converter examples; use care with optional installs and server commands.

Install is reasonable for Markdown conversion, but review commands before running them. Avoid binding preview servers to 0.0.0.0 unless you intentionally want LAN access, pin or trust third-party packages/themes before installing, and sanitize untrusted Markdown before rendering or publishing HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
This section materially broadens the skill from Markdown-to-HTML conversion into general document transformation, including HTML↔Markdown, PDF, DOCX, LaTeX, and interactive filter usage. In an agent setting, that scope expansion can cause the skill to activate for tasks outside its advertised purpose, increasing the chance of inappropriate tool selection, unsafe file handling, or unexpected processing paths.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
These sections cover full Jekyll/Hugo site creation, build, serve, theming, and configuration workflows rather than simple Markdown-to-HTML conversion. That overreach can prompt an agent to perform broader project scaffolding, local serving, configuration changes, or deployment-adjacent actions that exceed the minimum necessary transformation task.

Context-Inappropriate Capability

Low
Confidence: 87%
Finding
The Hugo quick-start instructions include network-dependent repository/theme installation steps that are not required for core Markdown-to-HTML conversion. In an automated agent context, unnecessary remote fetches enlarge the attack surface through supply-chain risk and can trigger unintended external network activity.

Vague Triggers

Medium
Confidence: 93%
Finding
The top-level description is so broad that it may trigger on generic Markdown work, template-system tasks, or unrelated site tooling, not just Markdown-to-HTML conversion. Overbroad activation criteria are dangerous for agent routing because they increase misfires, causing the wrong skill to handle a task with broader permissions or instructions than intended.

Vague Triggers

Medium
Confidence: 92%
Finding
The usage conditions include ambiguous phrases such as building static sites, working on tools/widgets, and previewing Markdown, which do not clearly distinguish simple conversion from broader development tasks. In agent systems, ambiguous trigger rules can cause privilege or capability creep by selecting this skill for tasks it should not own.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explicitly recommends `bundle exec jekyll serve --host 0.0.0.0`, which exposes the development server on all network interfaces. Without a warning, users may unintentionally make a local preview site reachable by other hosts on the LAN or in shared/dev environments, increasing exposure of draft content or any unsafe plugin/template behavior.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.