md2docs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes official Google API client libraries and standard markdown processing packages.
- [SAFE]: Authentication credentials and OAuth tokens are stored locally in the user's home directory, ensuring they remain under the user's control.
- [SAFE]: External dependencies are installed via standard package managers (pip, npx) from well-known repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the markdown files it processes.
- Ingestion points: The
scripts/md2docs.pyscript reads the full content of any Markdown file specified by the user via command-line arguments. - Boundary markers: The skill does not use specific markers to isolate the file content or warn the agent about potential instructions within the data.
- Capability inventory: The skill has the ability to run subprocesses (for installing dependencies and rendering diagrams), interact with the Google Drive API, and open the default web browser.
- Sanitization: Input content is not sanitized or validated for malicious instructions prior to processing.
Audit Metadata