dwg-to-excel
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the `DwgExporter` binary via `subprocess.run`. This is the intended mechanism for processing DWG files and is used specifically for the conversion task using a list-based command structure, which minimizes shell injection risks.
- [PROMPT_INJECTION]: The skill processes user-provided DWG files and extracts text content such as annotations and attributes, creating a surface for potential indirect prompt injection.
  - Ingestion points: Content is read from generated Excel files via `read_entities` and `get_text_content` methods in the `DWGExporter` class.
  - Boundary markers: None identified; extracted text content is processed and presented to the model as standard data.
  - Capability inventory: The skill possesses filesystem read/write access and the ability to execute the `DwgExporter` binary.
  - Sanitization: No explicit sanitization or filtering of the text content extracted from the CAD drawings is implemented before processing.
- [SAFE]: No evidence of malicious activity was found. The skill does not contain hardcoded credentials, perform suspicious network requests, or use obfuscated code. It strictly adheres to its stated purpose of CAD data extraction and analysis.
Audit Metadata