Skills
skills/brucevanfdm/docugenius-converter-skill/bruce-doc-converter/Gen Agent Trust Hub

bruce-doc-converter

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/convert_document.py automatically executes shell commands to maintain the environment and run components.
  • Evidence: The install_dependencies and _ensure_shared_node_modules functions utilize subprocess.run to call pip and npm respectively. Additionally, the convert_md function executes node to process Markdown files.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface because it processes untrusted documents and returns the content directly to the agent's context.
  • Ingestion points: Document content is ingested from local files via scripts/convert_document.py across multiple formats (Word, Excel, PDF, PPTX).
  • Boundary markers: Absent. The skill returns raw Markdown content without protective delimiters or instructions to the agent to treat the content as untrusted data.
  • Capability inventory: The agent is intended to summarize, analyze, or respond based on the document's content, allowing instructions embedded in the documents to potentially override agent behavior.
  • Sanitization: Absent. The logic focuses on text extraction and formatting without filtering for malicious natural language instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 06:46 AM