Back to skill

Security audit

md-pdf-render

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Markdown-to-PDF tool, but it needs Review because it renders user documents in a network-enabled browser with raw HTML and optional remote Mermaid code without clear safety controls.

Install only if you trust the Markdown being converted or can run it in a contained environment. Avoid converting sensitive untrusted files with network access enabled, be cautious with raw HTML, and avoid --mermaid unless you accept remote CDN code execution during rendering or vendor Mermaid locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
When Mermaid is enabled, the script imports executable JavaScript from a public CDN into a headless browser context. A local Markdown-to-PDF tool does not need remote code execution to function, so this adds supply-chain and network exposure: a compromised CDN response, dependency substitution, or unexpected outbound access could execute arbitrary script during document rendering.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Mermaid is configured with securityLevel: 'loose', which relaxes built-in sanitization and allows more permissive handling of diagram content inside untrusted Markdown. In this tool, Markdown is directly user-supplied and rendered inside a browser engine, so permissive diagram parsing increases the risk of script injection, unsafe links, or active content being embedded in the rendering context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill uses Chromium/Puppeteer to render Markdown into a PDF, and rendered Markdown can reference external images, fonts, CSS, or other resources that the browser may fetch during conversion. Without an explicit warning or restriction, converting an untrusted Markdown file can cause unintended outbound network access, potentially leaking IP/environment metadata or contacting attacker-controlled hosts.

Known Vulnerable Dependency: markdown-it==14.0.0 — 2 advisory(ies): CVE-2026-2327 (markdown-it is has a Regular Expression Denial of Service (ReDoS)); CVE-2026-48988 (markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string o)

Low
Category
Supply Chain
Confidence
97% confidence
Finding
markdown-it==14.0.0

Known Vulnerable Dependency: mermaid==11.0.0 — 5 advisory(ies): CVE-2026-41150 (Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS); CVE-2025-54881 (Mermaid improperly sanitizes sequence diagram labels leading to XSS); CVE-2026-41159 (Mermaid: Improper sanitization of configuration leads to CSS injection) +2 more

Low
Category
Supply Chain
Confidence
98% confidence
Finding
mermaid==11.0.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.