md-to-office
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python code snippets that use the `subprocess.run` function to invoke the `pandoc` binary. These implementations utilize argument lists (e.g., `['pandoc', input_path, '-o', output_path]`) instead of raw shell strings, which is a recommended security practice to prevent command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for `pandoc` and the `pypandoc` library. These are well-established, reputable open-source tools within the document processing ecosystem. The instructions point to standard package managers such as Homebrew, APT, and PyPI.
- [SAFE]: No evidence of prompt injection, data exfiltration, or malicious obfuscation was found. The skill includes a documentation example with a placeholder API key (`YOUR_API_KEY`), which is used for educational purposes and does not pose a credential leakage risk.
Audit Metadata