document-converter-suite
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's behavior is consistent with its stated purpose of document format conversion.
- [PROMPT_INJECTION]: The skill processes untrusted document content, which constitutes a surface for indirect prompt injection. This risk is assessed as safe in the context of this skill because it lacks dangerous capabilities (such as network access or arbitrary command execution) that could be exploited via an injection.
  - Ingestion points: Content is read from user-provided files via modules like `scripts/lib/pdf_reader.py` and `scripts/lib/docx_reader.py`.
  - Boundary markers: None. Document content is passed directly to the conversion logic.
  - Capability inventory: The skill only performs local file read/write operations and structure transformation. It does not use subprocesses, network requests, or dynamic code execution.
  - Sanitization: Basic HTML escaping is performed in the output writers (e.g., `scripts/lib/html_writer.py`) to ensure valid formatting.
- [EXTERNAL_DOWNLOADS]: The skill specifies several standard document-processing libraries in `scripts/requirements.txt` and `SKILL.md`, including `pypdf`, `python-docx`, and `openpyxl`. These are standard tools for the intended use case.
Audit Metadata