Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
openai>=0.27.0 pandas markdown obsidian-api
- Confidence
- 95% confidence
- Finding
- pandas
Deep Read
Security checks across malware telemetry and agentic risk
Overview
The available evidence shows dependency hygiene issues, but no deceptive, destructive, or purpose-mismatched behavior.
Installation appears acceptable if you are comfortable managing dependency risk. Prefer installing in an isolated environment, pin or lock the listed packages before production use, and verify that the resolved markdown package version is not affected by the reported advisory.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
openai>=0.27.0 pandas markdown obsidian-api
- Confidence
- 95% confidence
- Finding
- markdown
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
openai>=0.27.0 pandas markdown obsidian-api
- Confidence
- 95% confidence
- Finding
- obsidian-api
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
openai>=0.27.0 pandas markdown obsidian-api
- Confidence
- 98% confidence
- Finding
- openai>=0.27.0
Known Vulnerable Dependency: markdown — 2 advisory(ies): CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like se)
High
- Category
- Supply Chain
- Confidence
- 88% confidence
- Finding
- markdown
VirusTotal
67/67 vendors flagged this skill as clean.