docx-to-md

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION

Full Analysis
  • [SAFE]: No malicious patterns, such as data exfiltration, hardcoded credentials, or obfuscated code, were detected in the skill instructions.

  • [COMMAND_EXECUTION]: The skill relies on local command execution (node and pandoc) to perform document conversion. This is standard behavior for a file processing utility and is consistent with the primary purpose.

  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted Word documents. However, it includes a multi-stage cleanup pipeline—removing comments, stripping span classes, and normalizing headings—which acts as a form of content sanitization. This is a low-risk architectural characteristic common to document converters.

    • Ingestion points: Files matching .docx patterns in SKILL.md.
    • Boundary markers: None explicitly defined in output templates.
    • Capability inventory: File system write (image extraction), subprocess execution (node, pandoc).
    • Sanitization: Implements a conversion pipeline that removes metadata, comments, and non-structural formatting.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 12:53 PM