pandoc-converter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The installation instructions in SKILL.md explicitly direct the agent or user to run sudo apt-get install pandoc. Requesting administrative privileges is a high-risk pattern that exceeds the necessary scope for basic document processing.
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external data (Markdown, HTML, DOCX, CSV) and feed it into a command-line pipeline.
  - Ingestion points: scripts/convert.py accepts user-provided file paths and contents as input.
  - Boundary markers: None detected in the documentation or conversion examples.
  - Capability inventory: The skill executes shell commands via python scripts/convert.py and supports direct pass-through of additional Pandoc options.
  - Sanitization: Not verifiable as the implementation of scripts/convert.py is missing.
- Command Execution (MEDIUM): The documentation states that "Additional Pandoc options pass through directly." This suggests a lack of argument validation which could allow for command injection or the use of dangerous Pandoc flags (e.g., --lua-filter) to execute arbitrary code if the input is not strictly sanitized.
- Unverifiable Dependencies (LOW): The skill relies on an external script scripts/convert.py which is not included in the provided file list. Without the source code for this script, the actual safety of the file handling and command execution cannot be confirmed.
Recommendations
- AI detected serious security threats