batch-convert
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run to call external binaries including pandoc, marp, and soffice (LibreOffice) for document processing and conversion as seen in the converter implementations in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install several third-party Python packages (pdf2docx, markitdown, python-docx, openpyxl) and system-level tools (Pandoc, LibreOffice, and @marp-team/marp-cli via npm), which are well-known utilities for document management.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted documents and converts them into text-based formats like Markdown which are then returned to the agent context.
  - Ingestion points: Files are read from local directories using pathlib and processed by various converters in SKILL.md.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are applied to the converted content to prevent command following within the data.
  - Capability inventory: Includes subprocess.run for command execution and file system write operations via open().write().
  - Sanitization: No content sanitization or filtering is performed on the data extracted from source documents.
Audit Metadata