file-converter
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected Indirect Prompt Injection surface (Category 8). The skill is designed to process untrusted external data which could contain malicious instructions.
  - Ingestion points: html_to_md.py, md_to_html.py, and md_to_pdf.py ingest raw text from .html and .md files.
  - Boundary markers: Absent. The scripts do not wrap input data in delimiters or provide warnings to the agent to ignore embedded instructions.
  - Capability inventory: Scripts have local file system read/write access and interface with native libraries (cairo, pango) via subprocess-like behavior in underlying libraries (WeasyPrint, CairoSVG).
  - Sanitization: html_to_md.py provides an option to strip script/style tags, but this is insufficient to prevent natural language prompt injection embedded in comments or body text.
- [COMMAND_EXECUTION] (SAFE): No arbitrary command execution patterns were found. Native library path configuration in platform_utils.py is limited to standard library directories for the purpose of loading dependencies like Cairo.
- [DATA_EXFILTRATION] (SAFE): No network operations (requests, urllib, curl) or hardcoded credentials were detected. All processing is local.
- [EXTERNAL_DOWNLOADS] (SAFE): All dependencies listed are standard, reputable packages from the Python Package Index (PyPI).