converting-files
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system binaries including pandoc, libreoffice, convert (ImageMagick), and ffmpeg for file conversion tasks.
- The dispatcher logic in
scripts/convert.pyconstructs command arguments as lists and usessubprocess.runwithoutshell=True. This is a safe implementation that prevents shell-level command injection from input filenames or extra arguments. - The skill provides a
--planflag allowing the agent to preview the generated shell command without executing it, providing transparency. - [SAFE]: No malicious patterns such as prompt injection, credential harvesting, or data exfiltration were detected. The skill operates entirely on local files within the container environment and does not attempt any network operations or persistence mechanisms.
Audit Metadata