ai-multimodal

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): Based on the unit tests in scripts/tests/test_document_converter.py, the skill uses subprocess.run to execute external binaries such as wkhtmltopdf for HTML and Markdown conversion.
      • Evidence: Functions like test_convert_markdown_success and test_convert_html_success mock subprocess calls, indicating that the underlying document_converter.py performs system-level command execution.
      • Risk: If input filenames or content are not properly sanitized before being passed to the shell, this could lead to command injection.
  • [PROMPT_INJECTION] (LOW): The skill is designed to ingest and process untrusted external data (Audio, PDF, Word, and HTML files).
      • Ingestion Points: audio-processing.md (audio files via client.files.upload), test_document_converter.py (PDF, Markdown, HTML inputs).
      • Boundary Markers: Absent. The prompts provided in references/audio-processing.md (e.g., "Generate a transcript of the speech.") do not use delimiters or instructions to ignore embedded commands.
      • Capability Inventory: Subprocess execution, file system writes (open('output.wav', 'wb')), and network access to the Gemini API.
      • Sanitization: No sanitization or validation of the input file content is visible in the provided reference code or tests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:39 PM