oma-hwp

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via bunx to run the kordoc converter and uses node to run a local post-processing script (flatten-tables.ts) as defined in the execution-protocol.md.- [EXTERNAL_DOWNLOADS]: The skill downloads the kordoc package from the public npm registry at runtime using bunx kordoc@latest. This is a third-party dependency not maintained by the skill author.- [PROMPT_INJECTION]: The skill ingest HWP-family files to produce Markdown for agent context, which presents a surface for indirect prompt injection.
  • Ingestion points: Untrusted document files provided at the input_path (referenced in SKILL.md).
  • Boundary markers: No explicit instructions are provided to the agent to treat the converted Markdown as untrusted content or to wrap it in boundary delimiters.
  • Capability inventory: The skill utilizes subprocess execution (bunx, node) and file-system write access across its conversion and verification steps.
  • Sanitization: The flatten-tables.ts script performs data cleaning by stripping Hancom-specific Private Use Area (PUA) characters and converting complex HTML table blocks into standard Github Flavored Markdown (GFM).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:18 PM
Security Audit — agent-trust-hub — oma-hwp