lotus-convert-rich-text-fields
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation and provided Python code were analyzed, and no malicious patterns, obfuscation, or unauthorized behaviors were detected. The skill follows reasonable practices for its stated purpose of providing conversion logic for Lotus Notes data migration.
- [DATA_EXFILTRATION]: The skill contains logic for writing extracted attachments to the local filesystem via the `Path.write_bytes` method in the `extract_and_link_attachments` function. This functionality is consistent with the skill's primary purpose of data preservation during migration and does not demonstrate exfiltration behavior.
- [PROMPT_INJECTION]: The skill processes untrusted external data (Lotus Notes rich text), which creates an indirect prompt injection surface.
  - Ingestion points: Data is read from `doc_id` and `field_name` via external APIs or exports.
  - Boundary markers: No specific delimiters are used in the conversion logic to separate content from instructions.
  - Capability inventory: The skill includes file writing and data transformation.
  - Sanitization: The code uses `html.escape()` and regex-based tag removal for basic sanitization of the extracted content.

  This surface is inherent to the task and managed safely within the documented context.
Audit Metadata