Skills
skills/chunpu/agent-skills/doc-to-txt/Gen Agent Trust Hub

doc-to-txt

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from untrusted external files, which creates a potential surface for indirect prompt injection attacks.
  • Ingestion points: The convert.py script reads text from document files provided as input to the conversion utility.
  • Boundary markers: There are no explicit delimiters or warning instructions used to separate extracted content from the agent's internal logic.
  • Capability inventory: The skill has the capability to write the extracted text to the local file system.
  • Sanitization: No sanitization or filtering is applied to the extracted text to prevent it from influencing the agent's behavior.- [EXTERNAL_DOWNLOADS]: The skill depends on third-party Python packages for its core functionality.
  • Evidence: scripts/convert.py specifies python-docx and PyPDF2 as dependencies and references textract for certain file types.
  • Note: These are standard, well-recognized libraries for document processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 05:32 AM