ai-multimodal

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill uses subprocess.run to execute external conversion tools like wkhtmltopdf. This is a standard implementation for its document processing features and is limited to its core functionality.
  • PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection (Category 8) due to processing untrusted data (PDF, audio, Word) without explicit safety boundaries.
      • Ingestion points: Files processed via client.files.upload and file read operations in document_converter.py.
      • Boundary markers: Absent in the provided code snippets and references.
      • Capability inventory: LLM text generation and file system write operations for conversions.
      • Sanitization: No evidence of input validation or content filtering for external data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 04:55 PM