Documents

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Uses various command-line tools to perform document processing tasks. These include soffice (LibreOffice) for format conversion and formula recalculation, pandoc for text extraction, pdftoppm for image generation, and llm for AI-enhanced PDF analysis. Commands are constructed using argument lists rather than shell strings, which is a secure practice that prevents command injection.
  • [EXTERNAL_DOWNLOADS]: Instructs the user or agent to install several legitimate third-party dependencies through standard package managers. This includes Python packages like pypdf, pdfplumber, and markitdown, and Node.js packages like playwright, sharp, and pptxgenjs.
  • [DATA_EXFILTRATION]: Performs status notifications via a curl POST request to localhost:8888. This is a local network operation for workflow signaling and does not transmit data to external or untrusted servers.
  • [INDIRECT_PROMPT_INJECTION]: As a tool designed to process external document formats (PDF, Word, etc.), the skill inherently ingests untrusted data. This potential attack surface is addressed through the use of established parsing libraries and defusedxml, which protects against XML-based attacks like XXE.
  • [DYNAMIC_EXECUTION]: The Xlsx/recalc.py script automatically configures a hardcoded LibreOffice Basic macro on the local system to enable automatic formula recalculation. This modification is limited to the specific functionality of the skill and uses a predefined, safe script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 03:12 PM
Security Audit — agent-trust-hub — Documents