oma-hwp
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via bunx to run the kordoc converter and uses node to run a local post-processing script (flatten-tables.ts), as defined in execution-protocol.md.
- [EXTERNAL_DOWNLOADS]: The skill downloads the kordoc package from the public npm registry at runtime using bunx kordoc@latest. This is a third-party dependency not maintained by the skill author.
- [PROMPT_INJECTION]: The skill ingests HWP-family files to produce Markdown for agent context, which presents a surface for indirect prompt injection.
  - Ingestion points: Untrusted document files provided at the input_path (referenced in SKILL.md).
  - Boundary markers: No explicit instructions are provided to the agent to treat the converted Markdown as untrusted content or to wrap it in boundary delimiters.
  - Capability inventory: The skill utilizes subprocess execution (bunx, node) and file-system write access across its conversion and verification steps.
  - Sanitization: The flatten-tables.ts script performs data cleaning by stripping Hancom-specific Private Use Area (PUA) characters and converting complex HTML table blocks into standard GitHub Flavored Markdown (GFM).
Audit Metadata