converting-files

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system binaries including pandoc, libreoffice, convert (ImageMagick), and ffmpeg for file conversion tasks.
  • The dispatcher logic in scripts/convert.py constructs command arguments as lists and uses subprocess.run without shell=True. This is a safe implementation that prevents shell-level command injection from input filenames or extra arguments.
  • The skill provides a --plan flag allowing the agent to preview the generated shell command without executing it, providing transparency.
  • [SAFE]: No malicious patterns such as prompt injection, credential harvesting, or data exfiltration were detected. The skill operates entirely on local files within the container environment and does not attempt any network operations or persistence mechanisms.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — converting-files