Generate PDF from HTML

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PDF-generation skill, but users should understand that submitted HTML or URLs are processed by pdfapihub.com.

Install only if you are comfortable sending the selected HTML, CSS, dynamic values, or public webpage URL to pdfapihub.com. Avoid secrets, internal-only URLs, regulated data, or confidential documents unless your organization has approved that service and its retention policy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs users to send raw HTML content or public URLs to a third-party service but does not warn that document contents, embedded data, and referenced resources will be transmitted outside the local environment. This can lead users to unknowingly send sensitive business documents, PII, or internal links to an external processor, creating confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal