paper-2-web

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (SAFE): The documentation mentions .env configuration for OpenAI and OpenRouter API keys. It correctly uses placeholders like your_openai_api_key_here rather than hardcoding actual secrets. This is consistent with security best practices for documentation.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, trustworthy sources for tools including GitHub (YuhangChen1/Paper2All, oschwartz10612/poppler-windows) and the official LibreOffice website. These downloads are part of the primary purpose of the skill and follow [TRUST-SCOPE-RULE] for reputable repositories.
  • [COMMAND_EXECUTION] (SAFE): Installation steps include standard package management commands (pip install, conda create, apt-get install, brew install). These are necessary for the setup of the described software environment.
  • [DATA_EXFILTRATION] (SAFE): No unauthorized network operations or exfiltration patterns were identified. The network use described (API calls to OpenAI/OpenRouter and Google Search) is transparent and tied to the core functionality of content generation and logo discovery.
  • [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent safety filters or system prompts were detected in the documentation or CLI examples.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a tool that processes external LaTeX and PDF files, it possesses an ingestion surface for untrusted data. However, the documentation does not describe unsafe interpolation or automated execution of content found within those papers. Standard risks associated with processing external files apply.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM