file-converter
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (MEDIUM): The skill is designed to generate Python code dynamically based on user requests (SKILL.md). This creates a risk if the agent incorporates untrusted data from the user or the files themselves directly into the generated code logic without validation.
- Command Execution (MEDIUM): The reference documents (references/document-conversions.md, references/image-conversions.md) recommend using shell commands via subprocess for tools like LibreOffice and Potrace. These calls are vulnerable to command injection if filenames or user-provided parameters are not strictly sanitized before being passed to a shell.
- Indirect Prompt Injection (LOW): The skill has a high surface area for indirect injection because it processes untrusted data formats known to support embedded instructions or scripts (HTML, SVG, XML).
  - Ingestion points: SKILL.md, references/data-conversions.md, references/document-conversions.md.
  - Boundary markers: None detected; the skill lacks instructions to ignore instructions embedded in the files being converted.
  - Capability inventory: Subprocess calls (libreoffice, potrace), dynamic code execution, and file system writes.
  - Sanitization: None detected; the examples show direct passing of file paths and content to libraries and CLI tools.
Audit Metadata