Markdown Converter 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Markdown conversion helper, with the main caution that some optional conversion modes use external tools or cloud services.

Reasonable to install if you want a command reference for converting selected files to Markdown. Avoid using it on confidential documents unless you are comfortable with the conversion path, be cautious with Azure Document Intelligence or YouTube URL inputs because they may involve external services, and enable `--use-plugins` only when you trust the installed plugins.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents Azure Document Intelligence and YouTube URL handling without warning that these modes may transmit user-supplied content or metadata to external services for processing. In an agent setting, users may assume conversion is local-only, causing accidental disclosure of sensitive documents, URLs, or media to third parties and creating privacy, compliance, and data residency risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal