Documents
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Uses various command-line tools to perform document processing tasks. These include
soffice(LibreOffice) for format conversion and formula recalculation,pandocfor text extraction,pdftoppmfor image generation, andllmfor AI-enhanced PDF analysis. Commands are constructed using argument lists rather than shell strings, which is a secure practice that prevents command injection. - [EXTERNAL_DOWNLOADS]: Instructs the user or agent to install several legitimate third-party dependencies through standard package managers. This includes Python packages like
pypdf,pdfplumber, andmarkitdown, and Node.js packages likeplaywright,sharp, andpptxgenjs. - [DATA_EXFILTRATION]: Performs status notifications via a
curlPOST request tolocalhost:8888. This is a local network operation for workflow signaling and does not transmit data to external or untrusted servers. - [INDIRECT_PROMPT_INJECTION]: As a tool designed to process external document formats (PDF, Word, etc.), the skill inherently ingests untrusted data. This potential attack surface is addressed through the use of established parsing libraries and
defusedxml, which protects against XML-based attacks like XXE. - [DYNAMIC_EXECUTION]: The
Xlsx/recalc.pyscript automatically configures a hardcoded LibreOffice Basic macro on the local system to enable automatic formula recalculation. This modification is limited to the specific functionality of the skill and uses a predefined, safe script.
Audit Metadata