pdf-convert-to-word

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES]: The conversion guide (prompts/pdf_to_word_conversion_guide.md) instructs the agent to install external Python packages pdf2docx and PyMuPDF via pip3. While these are recognized libraries, the skill grants the agent the capability to download and install arbitrary packages from the internet.
  • [DATA_EXPOSURE]: The script convert_pdf_to_word.py contains hardcoded absolute local file paths (e.g., /Users/yunhuan/Downloads/...), which exposes a developer's local username and directory structure.
  • [DYNAMIC_EXECUTION]: The conversion workflow involves generating, executing, and deleting temporary Python scripts, as described in the pdf_to_word_conversion_guide.md. This execution of runtime-generated code is a core feature of the skill.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes PDF and Word documents and possesses the capability to write files and execute shell commands, creating a surface for indirect instructions to influence agent behavior.
    • Ingestion points: convert_pdf_to_word.py, convert_word_to_md.py, and convert_word_to_md_simple.py (reads PDF and DOCX files)
    • Boundary markers: No markers or instructions are present to delimit untrusted data or warn the agent against executing embedded commands
    • Capability inventory: File writing (open), command execution (python3, pip3), and file deletion (rm)
    • Sanitization: No validation or escaping is applied to the content extracted from processed documents
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 12:04 PM