md2word
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied Markdown files, creating an attack surface for indirect prompt injection. Maliciously crafted documents could potentially contain instructions aimed at influencing the agent or exploiting the conversion logic.
  - Ingestion points: Markdown file content is read and processed in `scripts/md2word.py` and `scripts/chart_handler.py`.
  - Boundary markers: No specific delimiters or security warnings are used to differentiate user data from agent instructions during processing.
  - Capability inventory: The skill has file system write access (`doc.save`) and shell command execution capabilities.
  - Sanitization: While `scripts/chart_handler.py` performs regex-based cleaning for Mermaid compatibility, no security-focused sanitization of the general Markdown content is implemented.
- [COMMAND_EXECUTION]: The module `scripts/chart_handler.py` executes the external `mmdc` (Mermaid CLI) tool using `subprocess.run`. Although the command is constructed using a list of arguments (which avoids shell interpolation), it relies on the execution of an external system binary based on the content of the processed document.
Audit Metadata