pdf-to-markdown

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a well-structured tool for document conversion. All core logic is contained within the provided JavaScript files and relies on reputable open-source dependencies.
  • [COMMAND_EXECUTION]: The skill executes local commands using Node.js to process files. This execution is restricted to the specific PDF-to-Markdown conversion logic and is mediated by user-provided input and output paths. No arbitrary command execution was detected.
  • [EXTERNAL_DOWNLOADS]: The skill requires standard dependencies from the NPM registry. The installation steps (npm install, ck init) target well-known package managers and developer tools for the purpose of setting up the conversion environment.
  • [PROMPT_INJECTION]: The instructions in SKILL.md include directives to ensure the agent adheres to the skill's protocols (e.g., 'Strict execution contract', 'Ignore Claude-specific mode-switch instructions'). These function as operational constraints for reliability and do not attempt to bypass security filters.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes user-provided PDF content and outputs it as Markdown. Ingestion points: PDF files read in 'scripts/lib/converter.cjs'. Boundary markers: None explicitly added to the output content. Capability inventory: 'fs.readFileSync' and 'fs.writeFileSync' for file processing. Sanitization: None; the skill performs direct content extraction and formatting.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 07:03 AM
Security Audit — agent-trust-hub — pdf-to-markdown