Markdown Formatter

Security checks across malware telemetry and agentic risk

Overview

This markdown formatter behaves like a normal document cleanup tool, with the main caution that batch mode reads the local file paths you give it.

Install is reasonable for markdown cleanup. Use direct markdown text when possible, and use batch mode only with markdown files you intentionally want the skill to read; review output before replacing important documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The batch mode accepts arbitrary file paths and reads them directly from disk with fs.readFileSync, which expands the skill from markdown formatting into unrestricted local file access. In an agent setting, this can expose sensitive local files if an upstream prompt, tool caller, or untrusted input can influence markdownFiles.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The batch formatter silently reads arbitrary user-supplied paths without warning, validation, or consent messaging. In agent workflows, this increases the chance of surprising data exposure because callers may treat the skill as a content formatter rather than a local file reader.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal