HTML Markdown

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward HTML-to-Markdown helper, but users should understand that MinerU API processing may send selected documents or URLs to MinerU.

Install only if you are comfortable using MinerU's external API for the HTML you provide. Do not process confidential, regulated, authenticated, or internal pages unless you have approval and understand MinerU's handling of submitted content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs users to send local HTML files or remote URLs to MinerU's token-authenticated external service, but it does not warn that document contents and metadata may leave the local environment. This creates a real privacy and data-handling risk, especially if users process sensitive internal HTML, authenticated pages, or confidential documentation under the assumption the conversion is purely local.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal