document-converter
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates various local binaries including LibreOffice, Ghostscript, pdftk, Tesseract, and ImageMagick to perform document transformations. The skill provides instructions for the agent to display command-line installation steps to the user, which include the use of sudo for Linux-based systems for package management.- [EXTERNAL_DOWNLOADS]: Recommends the installation of necessary tools through official system package managers including Homebrew, APT, and Winget, which are well-known and trusted services.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it operates on external document files provided by the user.
- Ingestion points: User-provided file paths and the content of those files (e.g., PDFs, DOCX) processed during conversion and OCR workflows in SKILL.md.
- Boundary markers: Example bash commands in SKILL.md wrap file paths in double quotes to provide basic delimitation.
- Capability inventory: Employs shell command execution to read and write files via local subprocesses (LibreOffice, pdftk, etc.).
- Sanitization: There are no explicit instructions for the agent to validate or sanitize filenames or document content prior to their use in shell command templates.
Audit Metadata