Convert Document
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The
converter.pyscript executes the externalpandocutility usingsubprocess.runwith an argument list. This is a secure implementation that prevents shell injection vulnerabilities, even if an attacker provides a malicious filename. - [DATA_EXPOSURE] (SAFE): The skill only reads the input file and writes the output file as specified. It does not access sensitive directories (like SSH or AWS credentials) or perform any network operations to exfiltrate data.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns of downloading and executing remote scripts (e.g.,
curl | bash). All processing is done locally using established tools and libraries.
Audit Metadata