tim-project-guide
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/verify_docx.py uses the subprocess.run function to execute the pandoc utility. This is used to convert Word documents (.docx) into Markdown for automated checking. The command is constructed using a list of arguments, which is a secure practice that prevents shell injection attacks.
- [EXTERNAL_DOWNLOADS]: The documentation and scripts/verify_docx.py reference the need for pandoc, an external document conversion tool. The skill itself does not download the binary, but provides a link to the official project website (pandoc.org) for installation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided report drafts and evaluates them against specific rules.
  - Ingestion points: The scripts evaluate_report.py and verify_docx.py read content from user-specified file paths and directories.
  - Boundary markers: The scripts rely on regular expression matching for headings and word counts but do not implement specific delimiters or 'ignore' instructions to isolate user content from the agent's evaluation logic.
  - Capability inventory: The skill has the ability to read local files, create new Markdown files (scripts/generate_shell.py), and call the local pandoc binary.
  - Sanitization: No input sanitization is performed on the text extracted from documents before it is processed by the evaluation logic.
Audit Metadata