document-spreadsheet-tooling-readiness

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard environment discovery commands (where.exe) to check for the presence of legitimate binaries like Pandoc, LibreOffice (soffice), wkhtmltopdf, and Tesseract. These are routine checks for verifying document processing capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill provides an approved installation command for well-known Python packages from official registries. Notably, it includes a security-positive instruction to 'Use standard package managers only' and explicitly forbids running 'remote install scripts.'
  • [DYNAMIC_EXECUTION]: In references/toolchain-checks.md, a small inline Python script is used via a shell heredoc to inspect package versions using importlib.metadata. This is a standard and safe method for environment validation that does not involve untrusted data.
  • [PRIVILEGE_ESCALATION]: The recommended installation command uses the --user flag, which is a security best practice ensuring that packages are installed within the user's scope rather than requiring administrative/root privileges.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:28 AM
Security Audit — agent-trust-hub — document-spreadsheet-tooling-readiness