md-to-office
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Python subprocess module to execute the 'pandoc' command-line tool for document conversion. This involves running external binaries and passing user-provided file paths as arguments.
- [EXTERNAL_DOWNLOADS]: The documentation references the official Pandoc GitHub repository and recommends installing 'pypandoc' from the Python Package Index (PyPI). These are well-known technology sources and are documented neutrally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from Markdown files provided by users or external sources.
  - Ingestion points: Markdown content is read from files through paths like 'input_path' in the conversion functions.
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are implemented to separate document content from agent instructions.
  - Capability inventory: The skill possesses the capability to execute subprocess commands and perform file system read/write operations.
  - Sanitization: There is no evidence of input validation or content sanitization before the Markdown data is passed to the Pandoc conversion engine.