markdown-export

Summary of what to consider before installing: - Metadata mismatch: SKILL.md says 'pandoc' is required but the registry metadata does not list any required binaries. Make sure pandoc is installed on the host before using the skill. - Missing assets: The code references built-in DOCX templates under assets/docx/templates/*.docx, but those .docx template files were not shown in the manifest. If you plan to use a built-in DOCX template, verify the package actually includes those .docx files or supply your own reference.docx via --template. - Unreviewed script content: The converter is implemented in scripts/export_markdown.py and manipulates DOCX internals and invokes pandoc via subprocess. I saw a truncated portion of the script in the review; request the full script if you want a complete audit. If the full script is available, scan it for network calls (requests, urllib, socket), unexpected writes to other filesystem locations, or code that exfiltrates data. - Operational cautions: When running, the script will read any file path you pass and will write output files. Do not point it at sensitive system files or credential stores. Run first in a sandboxed environment (or on a disposable VM) if you do not fully trust the publisher. - If you need higher confidence: ask the publisher for a full file listing including assets/docx templates and the full export_markdown.py source, or run static analysis on the full script to confirm there are no network calls or unexpected subprocess invocations beyond pandoc. Given the above mismatches and the truncated script in the review, I cannot fully clear the package — treat it with caution until the missing details are resolved.