Skills
skills/pitzcarraldo/skills/hwp/Gen Agent Trust Hub

hwp

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads and installs the pyhwp2md package at runtime from PyPI using uvx, pipx, or pip.
  • [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection via external document processing.
  • Ingestion points: Text extracted from HWP/HWPX files via pyhwp2md command in SKILL.md.
  • Boundary markers: Absent; the instructions tell the agent to use output directly or read from a temp file without delimiters.
  • Capability inventory: The skill uses bash subprocess calls to execute tools and list files.
  • Sanitization: None; untrusted text from the document is interpolated directly into the context.
  • [COMMAND_EXECUTION] (LOW): The skill uses bash scripts to detect environment tools and execute document conversion commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:15 PM