pdf-creator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several system binaries via
subprocess.run, includingpandocfor markdown conversion,pdftoppmandpdftotext(from Poppler) for preview generation and typography linting, and Google Chrome or Chromium for headless PDF rendering. These calls are essential for the skill's primary purpose and use local paths for input and output. - [COMMAND_EXECUTION]: Integration test scripts (e.g.,
test_cjk_code_blocks.py) useuv runandpython -cto execute modular tests. This behavior is localized to the testing suite and does not involve untrusted remote code.
Audit Metadata