pandoc
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `os.execute` within the `mermaid-to-image.lua` script to invoke the `mmdc` (Mermaid CLI) utility. The implementation is secure because it generates filenames using SHA1 hashes of the content, ensuring no user-controlled strings are directly interpolated into the shell command.
- [COMMAND_EXECUTION]: The instructions guide the agent to perform document conversions by executing `pandoc` commands in the system shell.
- [EXTERNAL_DOWNLOADS]: The skill references the official `pandoc.org` website for software installation, which is a well-known and trusted technology resource.
- [INDIRECT_PROMPT_INJECTION]: The skill processes Markdown files provided by users. It mitigates potential injection risks in its automation by strictly using hashed identifiers for file operations and not passing raw user content as command-line arguments.
Audit Metadata