md2word

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill uses subprocess.run in scripts/chart_handler.py to execute the Mermaid CLI (mmdc). The command is passed as a list of arguments, which prevents shell injection. It is used solely for rendering charts from user-provided Markdown content.
  • EXTERNAL_DOWNLOADS (SAFE): The skill specifies dependencies from trusted registries (PyPI and npm). There are no signs of downloading scripts or binaries from untrusted third-party URLs at runtime.
  • DATA_EXFILTRATION (SAFE): No network-capable modules (like requests or urllib) are utilized for outgoing data. Analysis of the scripts shows file operations are restricted to reading input Markdown/YAML and writing the output Word document.
  • OBFUSCATION (SAFE): No encoded strings, homoglyphs, or hidden characters were found. The code is modular, readable, and its behavior matches the stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 12:30 PM