md-to-docx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation correctly identifies dependencies on 'pandoc' (a universal document converter) and 'python-docx' (a Python library for creating Word files). These are standard, legitimate tools for the skill's stated purpose.
- [COMMAND_EXECUTION]: The main conversion script ('convert_md_to_docx.py') executes the 'pandoc' CLI using the 'subprocess.run' method. It uses a list of arguments rather than a raw shell string, which is a security best practice that prevents shell injection vulnerabilities.
- [DATA_EXPOSURE]: The skill accesses local Markdown files to perform conversion and writes the output to a specified location. It does not perform any network operations or transmit data to external servers.
- [NO_CODE]: Several files in the skill are documentation (README, INSTALLATION, DISTRIBUTION) and provide clear instructions for use and setup without hidden or malicious scripts.
Audit Metadata