law-to-markdown
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script law_to_markdown.py resolves and executes a JavaScript file using osascript. The location of this file is tied to an external skill (mineru-ocr) which the instructions guide the user to install from an untrusted third-party GitHub repository (github.com/cat-xierluo/legal-skills). This establishes a critical dependency on unverified code that runs with local user privileges.
- [EXTERNAL_DOWNLOADS]: The documentation and source code provide explicit instructions and a shell command to download software from a non-trusted GitHub source (cat-xierluo). This represents a significant supply-chain risk as the external repository is not verified and is outside the control of the skill's author.
- [COMMAND_EXECUTION]: The skill utilizes subprocess.run to invoke system commands (osascript). It is designed to execute scripts from a directory that the user is prompted to populate with code from an untrusted source, potentially facilitating arbitrary script execution.
- [PROMPT_INJECTION]: The skill ingests untrusted external data which is then processed and analyzed by an LLM to make structural decisions.
  - Ingestion points: Document reading in law_to_markdown.py using pdfplumber and python-docx.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the output text.
  - Capability inventory: Subprocess execution via osascript and file system write access.
  - Sanitization: The skill does not escape or validate the content of processed documents before providing it to the model.
Recommendations
- AI detected serious security threats
Audit Metadata