This project is built on markdown which is used to create various binary files such as .pdf and epub. It is improbable but not impossible that a malicious actor could somehow embed malware in the markdown or subvert the document creation process. If you find anything suspicious in either the markdown or pipeline scripts then let us know ASAP and we will fix it as a priority.

Ideally open a security advisory and this will be provided only to the project's admins in strict confidence.

Alternatively send an encrypted email to Jon Gadsden to start the secure disclosure process.