doc
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/render_docx.py` uses `subprocess.run` to call `soffice` (LibreOffice) and `pdftoppm` (Poppler) for document conversion and rendering. These commands are executed using list-based arguments without a shell, which mitigates command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill documents dependencies on well-known, standard packages including `python-docx`, `pdf2image`, `libreoffice`, and `poppler-utils`. These are instructed to be installed via official package managers (`pip`, `apt`, or `brew`).
- [DATA_EXFILTRATION]: No network activity or hardcoded credentials were detected. The skill processes local files and uses local temporary directories (`/tmp/`) for intermediate processing.
Audit Metadata