Skills
skills/cwyalpha/word-formatter-pro/doc-format/Gen Agent Trust Hub

doc-format

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/wfp_cli.py script uses subprocess.run to call the LibreOffice soffice executable for document conversion. This execution is performed using a list of arguments without a shell, and paths are handled using the pathlib module to prevent injection. This functionality is essential for the skill's primary purpose of document formatting.
  • [SAFE]: The static analyzer flagged a dynamic import in scripts/wfp_tests.py, but investigation shows it is a standard implementation of the unittest framework for loading tests from the current module.
  • [SAFE]: No evidence of data exfiltration, credential harvesting, or prompt injection was found. The skill does not perform network operations and restricts its file operations to document processing and temporary file management.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 08:55 AM