pdf-design
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to invoke system utilities for PDF generation and manipulation, including chromium-browser in headless mode and pdftoppm for rendering previews.
- [COMMAND_EXECUTION]: The Google Drive upload functionality is implemented by piping a Python script into the interpreter via a shell heredoc (python3 << 'PYEOF'), which is a form of dynamic script execution.
- [CREDENTIALS_UNSAFE]: The skill's automation script explicitly accesses a sensitive local credential file containing OAuth2 access and refresh tokens at /home/jamditis/.claude/google/drive-token.json.
- [EXTERNAL_DOWNLOADS]: The HTML report templates reference external assets from Google's well-known font delivery services (fonts.googleapis.com and fonts.gstatic.com), which are considered trusted sources for web resources.
Audit Metadata