docx-to-markdown

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains instructional boilerplate related to task management, subagent usage, and agent behavior protocols. These instructions are designed to ensure consistency and reliability in the agent's execution of the conversion workflow and do not attempt to bypass safety filters or extract system prompts.
  • [DATA_EXFILTRATION]: No network operations (e.g., fetch, curl, wget) or credential access patterns were found. The code's file system interaction is limited to reading the user-provided input file and writing the resulting markdown and image files to the specified output locations.
  • [COMMAND_EXECUTION]: The conversion logic is implemented natively in Node.js using libraries. There are no calls to shell execution functions such as child_process.exec, spawn, or os.system that could be used for arbitrary command injection.
  • [REMOTE_CODE_EXECUTION]: The skill relies on standard dependencies defined in package.json (mammoth, turndown). No patterns were found for downloading or executing remote scripts or dynamic code evaluation.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external document data, creating an ingestion surface in scripts/lib/converter.cjs. While no explicit boundary markers are present in the output, the conversion process is handled by the mammoth and turndown parsers, which sanitize the input as it transitions from DOCX to HTML to Markdown. The capability to write files is used solely for the intended purpose of generating the conversion output.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 12:26 PM
Security Audit — agent-trust-hub — docx-to-markdown