contract-review-pro

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs document analysis and annotation as its primary function.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to invoke pandoc for document text extraction and mmdc for Mermaid flowchart rendering. These are standard operations for the skill's stated purpose, and the implementation uses argument lists rather than shell strings, which reduces command injection risks.
  • [SAFE]: The Python scripts employ the defusedxml library for XML parsing, which is a security best practice to prevent XML External Entity (XXE) vulnerabilities when processing Office documents.
  • [SAFE]: No malicious patterns such as credential exfiltration, persistence, or unauthorized network activity were detected. External tool dependencies (pandoc, Mermaid CLI) are common utilities for document workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 01:30 AM