converter
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands (
pypandoc-hwpx) using user-provided input. The Phase 3 workflow includes a bash loop template (for file in [folder]/*.md; do ...) which, if executed literally by an agent without sanitizing filenames, could lead to shell injection via metacharacters in file names. - [EXTERNAL_DOWNLOADS] (SAFE): The skill directs users to install dependencies (
pypandoc-hwpx,pandoc) from trusted sources including PyPI and standard system package managers (Homebrew, apt, winget). - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: User-specified file paths and directory contents in
SKILL.md(Phase 1). - Boundary markers: Absent; there are no instructions to the agent to treat filenames or paths as untrusted data.
- Capability inventory: Execution of shell commands via
pypandoc-hwpx(Phase 3). - Sanitization: Absent; the workflow assumes file paths are safe for shell interpolation.
- [PRIVILEGE_ESCALATION] (LOW): The installation guide suggests using
sudo apt installandsudo port install. While these involve elevated privileges, they are standard procedures for installing system-level dependencies like Pandoc and are not considered malicious in this context.
Audit Metadata