pandoc-converter

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: All files and scripts within the skill are dedicated to the stated purpose of document conversion. No suspicious code, hidden payloads, or exfiltration patterns were identified during the analysis.
  • [COMMAND_EXECUTION]: The skill leverages local command-line utilities (Pandoc, xelatex, python3). It provides explicit safety instructions in SKILL.md for the agent to quote all file paths and verify their existence before processing, effectively mitigating potential command injection risks.
  • [PROMPT_INJECTION]: The skill processes user-provided document files as input for conversion, representing an indirect prompt injection surface.
      • Ingestion points: User-specified files provided to conversion scripts (e.g., input.md).
      • Boundary markers: None explicitly defined in scripts, relying on Pandoc's parsing logic.
      • Capability inventory: Local execution of pandoc, bash, and python3 for document processing.
      • Sanitization: Relies on the agent to follow provided safety rules regarding path quoting and file verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 09:51 AM