md-pdf

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its browser-based PDF path needs review because it can send document content to a CDP browser endpoint and installs npm packages automatically at runtime.

Review before installing if you handle private Markdown. Use the Pandoc/XeLaTeX path for untrusted files, use only a trusted local CDP browser for the browser pipeline, and be aware that the first browser conversion may download npm dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly instructs users to connect the browser-rendering pipeline to an existing CDP endpoint, including a non-local example (`http://192.168.1.30:9222`), but it does not warn that CDP commonly exposes powerful browser control and may transmit document contents to a remote host. In this context, Markdown being converted may contain sensitive or proprietary content, so sending it to a network-accessible browser endpoint can cause unintended disclosure or misuse if the endpoint is untrusted or exposed.

VirusTotal

63/63 vendors flagged this skill as clean.
