morph
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes various system utilities including pandoc, xelatex, lualatex, gs (Ghostscript), pdftk, and soffice (LibreOffice) to perform document format transformations.
- [COMMAND_EXECUTION]: Includes templates for bash scripts and Makefiles in references/pandoc-recipes.md to facilitate batch processing and automated conversion workflows.
- [PROMPT_INJECTION]: Exhibits vulnerability to indirect prompt injection (Category 8) by processing document content from external sources through engines that interpret complex styling and formatting instructions.
- [PROMPT_INJECTION]: Ingestion points: Documents provided by users or received from other agents such as Scribe, Harvest, and Quill (defined in SKILL.md).
- [PROMPT_INJECTION]: Boundary markers: None identified; the instructions do not include specific delimiters or warnings to ignore embedded instructions within the source documents.
- [PROMPT_INJECTION]: Capability inventory: Extensive use of command-line tools (pandoc, pdftk, gs, qpdf) and rendering engines (xelatex, lualatex, puppeteer) across the conversion scripts and reference guides (defined in SKILL.md and references/).
- [PROMPT_INJECTION]: Sanitization: No evidence of input validation or sanitization before processing.
- [REMOTE_CODE_EXECUTION]: Utilizes Puppeteer/Chrome for rendering HTML-based documents and supports Pandoc Lua filters for AST manipulation, introducing a risk surface for code execution during the transformation process.
- [EXTERNAL_DOWNLOADS]: Recommends the use of the official Pandoc Docker image (pandoc/extra) for establishing reproducible build environments in CI/CD pipelines.
Audit Metadata