Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/file-format-converter/Gen Agent Trust Hub

file-format-converter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process external files and has access to high-privilege tools like Bash and Write. This creates a vulnerability surface where malicious instructions inside a data file could attempt to influence the agent.
  • Ingestion points: Uses the Read tool to access data files.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt template.
  • Capability inventory: Includes Bash, Write, and Edit tools which could be abused if an injection succeeds.
  • Sanitization: No sanitization or validation logic is specified for the content of processed files.
  • Command Execution (SAFE): The skill requests the Bash tool in allowed-tools. While this is a high-risk capability, it is consistent with the stated purpose of performing file format conversions and data pipeline tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:28 PM