convert-to-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local files and transmits them to an external third-party API for processing.
- Ingestion points: Local file paths are accepted via CLI arguments in
scripts/convert-to-pdf.py. - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore potential prompts within the processed documents.
- Capability inventory: The script
scripts/convert-to-pdf.pyperforms file read operations and network POST/GET requests toapi.xss-cross-service-solutions.com. - Sanitization: Absent; file binary data is uploaded directly without validation of content safety.
- Note: This behavior is consistent with the primary documented purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill provides URLs for downloading processed files from a remote domain.
- Evidence: The script extracts and returns the
pathfield from the API response inscripts/convert-to-pdf.py. - [CREDENTIALS_UNSAFE]: No hardcoded credentials were identified. The skill correctly utilizes environment variables or command-line arguments for the required API Bearer token.
Audit Metadata