markdown2pdf.ai — agentic threat model

AIVSS 7.0 · High

markdown2pdf.ai is a stateless utility API that converts markdown to PDF, using L402 for pay-per-use authentication and MCP for integration with agent frameworks. Its primary security risks lie in infrastructure-level rendering vulnerabilities (such as SSRF or local file inclusion via malicious markdown) and its role as a horizontal dependency in agentic workflows without traditional identity governance.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.8 · AARS uplift 0.22 · Factor sum 0.7/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.00
Persistent Memory: 0.00
Contextual Awareness: 0.10
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the tool converts markdown to PDF and may not use a foundation model directly for the rendering process, though it integrates with agentic workflows. If an LLM is used internally for layout optimization, it could be vulnerable to indirect prompt injection via the input markdown.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — the service appears stateless ('send markdown, get back a PDF') and likely does not maintain a vector store or persistent RAG dataset, minimizing data poisoning risks but still requiring secure transient data handling.

L3 · Agent Frameworks · ✓ mapped

The service natively supports the Model Context Protocol (MCP), making it an easily integrable tool for agent frameworks. The primary threat is tool misuse, where an orchestrating agent is tricked into sending sensitive or unauthorized data to this PDF generation endpoint.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the infrastructure hosting the markdown-to-PDF rendering engine must be heavily sandboxed to prevent server-side resource exhaustion, SSRF via external image rendering, or local file inclusion (LFI) from malicious markdown inputs.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of logging, guardrails, or input sanitization to detect and block malicious markdown payloads or exploit attempts before rendering.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The service uses L402 for decentralized, pay-per-use authentication via Lightning Network sats, bypassing traditional OAuth or API keys. While this enhances privacy (no sign-ups), it lacks traditional enterprise access controls, audit trails, and compliance certifications.

L7 · Agent Ecosystem · ✓ mapped

Designed specifically as a utility for the agent ecosystem ('Agents speak Markdown. Humans prefer PDF.'). It represents a horizontal dependency where a compromise or outage of this service could cause cascading failures in downstream agentic reporting workflows.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.