document-spreadsheet-tooling-readiness
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard environment discovery commands (
where.exe) to check for the presence of legitimate binaries like Pandoc, LibreOffice (soffice), wkhtmltopdf, and Tesseract. These are routine checks for verifying document processing capabilities. - [EXTERNAL_DOWNLOADS]: The skill provides an approved installation command for well-known Python packages from official registries. Notably, it includes a security-positive instruction to 'Use standard package managers only' and explicitly forbids running 'remote install scripts.'
- [DYNAMIC_EXECUTION]: In
references/toolchain-checks.md, a small inline Python script is used via a shell heredoc to inspect package versions usingimportlib.metadata. This is a standard and safe method for environment validation that does not involve untrusted data. - [PRIVILEGE_ESCALATION]: The recommended installation command uses the
--userflag, which is a security best practice ensuring that packages are installed within the user's scope rather than requiring administrative/root privileges.
Audit Metadata