Skills
skills/claude-office-skills/skills/batch-convert/Gen Agent Trust Hub

batch-convert

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external binaries such as pandoc, marp, and soffice via subprocess.run to perform conversions. While shell injection is avoided by passing arguments as a list, the use of user-controlled file paths can expose the system to argument injection if filenames contain specific command flags.
  • [PROMPT_INJECTION]: The skill processes untrusted document content (PDF, HTML, MD) which presents an indirect prompt injection surface. Evidence Chain: 1. Ingestion points: Document content is read from input_path using libraries like markitdown and pdf2docx. 2. Boundary markers: No delimiters or 'ignore' instructions are used when processing external file content. 3. Capability inventory: The skill utilizes subprocess.run for executing CLI tools and open().write() for local file creation. 4. Sanitization: No content sanitization or validation is performed on the ingested document data beyond simple file extension checks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 08:20 AM