pdf-to-markdown

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Findings flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx --yes @opendocsg/pdf2md to dynamically download and execute the conversion utility from the NPM registry if it is not locally installed. This occurs in scripts/lib/converter.cjs within the convertNativeViaNpx function.
  • [COMMAND_EXECUTION]: The convertNativeViaNpx function in scripts/lib/converter.cjs uses child_process.spawnSync to run the npx command. While the package name is hardcoded, it executes external code to process user-provided files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from untrusted PDF files and outputs it into the agent context.
  • Ingestion points: PDF files are read using fs.readFileSync and fs.readSync in scripts/lib/converter.cjs and scripts/lib/pdf-detector.cjs.
  • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the converted output.
  • Capability inventory: The skill has the ability to write files (fs.writeFileSync) and execute commands via spawnSync.
  • Sanitization: There is no evidence of sanitization or filtering of the extracted text to prevent the inclusion of malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 10:35 PM