md-to-docx-template

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The md-to-docx.py script executes the pandoc binary to perform document conversion. It calls subprocess.run with a list of arguments rather than a shell command string, which is the secure way to invoke external commands and prevents shell injection.
  • [COMMAND_EXECUTION]: The script optionally invokes the system open command to display the generated document. This is a standard user-requested feature for local workflow automation.
  • [DATA_EXFILTRATION]: The conversion tool supports remote images in markdown by allowing Pandoc to make HTTP requests for those assets. There is no evidence of the script reading sensitive local files (like SSH keys or environment variables) or sending such data to external servers.
  • [DYNAMIC_EXECUTION]: The scripts use importlib.util to load internal modules from the local file system. The paths are resolved relative to the script's directory, ensuring that the dynamic loading is restricted to the skill's own verified code and does not involve remote or untrusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 10:18 AM