pst-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/extract_pst.pyexecutes thereadpstsystem utility usingsubprocess.runto extract email data from PST files. This is a functional requirement for the skill's primary operation.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to processing untrusted data from email archives.\n - Ingestion points:
scripts/extract_pst.pyreads data from PST and EML files.\n - Boundary markers: The generated markdown files separate metadata using YAML frontmatter but do not include explicit protective delimiters or warnings for the email body content.\n
- Capability inventory: The skill has file system read/write access and the ability to execute the
readpstsystem utility.\n - Sanitization: The tool converts HTML content to markdown but does not perform sanitization to detect or neutralize adversarial instructions within the email body.
Audit Metadata