document-converter-suite
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection because its primary purpose is to ingest and process untrusted data from multiple external formats (PDF, DOCX, HTML, etc.). Evidence includes:
  1. Ingestion points: multiple reader modules like scripts/lib/pdf_reader.py and scripts/lib/html_reader.py read raw file content.
  2. Boundary markers: The skill lacks any mechanism to delimit or mark ingested content as untrusted for the AI agent.
  3. Capability inventory: The skill has file-write permissions across the filesystem.
  4. Sanitization: No sanitization or filtering is performed on the content extracted from documents.
- SAFE: No other high-severity threats were detected. Analysis of scripts/lib/ shows no credential exposure, network exfiltration, or obfuscated code. Command execution is limited to standard Python file operations without subprocess usage.
- SAFE: Best practice violations and missing code. The requirements.txt file fails to list several necessary dependencies used in the code (mistune, Pillow, lxml). Additionally, scripts/lib/conversion.py is missing from the provided file set, which would prevent the skill from functioning despite no malicious intent being evident in the provided modules.