Convert Markdown To HTML And PDF - Markdown和HTML、PDF互转

Security checks across malware telemetry and agentic risk

Overview

This is a local Markdown, HTML, and PDF conversion skill whose code matches its stated purpose, with only minor scope and file-access cautions.

Install this if you need local Markdown/HTML/PDF conversion. Use it only on files or content you intentionally provide, review generated HTML before opening it in sensitive contexts, and ignore the JisuAPI/AppKey material unless you separately choose to use that external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill explicitly accepts a local file path and instructs the agent to read local files, but it does not declare any corresponding permission or capability boundary. This creates a mismatch between documented behavior and permission metadata, which can lead to unauthorized file access or unsafe invocation assumptions by the platform or user.

Vague Triggers

Medium

Confidence: 72% confidence
Finding: The catch-all activation wording is broad enough that the skill may be selected for loosely related requests beyond the intended markdown/HTML/PDF conversions. Over-broad triggering increases the chance the agent invokes local file-reading conversion logic in contexts the user did not specifically authorize.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal