yao-crux-skill
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts
generate_report_bundle.pyandverify_report_bundle.pyutilizesubprocess.run()to invoke system utilities for file format conversion and text extraction. - Binaries called include
pandoc(for Markdown to DOCX conversion),python3(to run WeasyPrint for PDF generation),textutil(for DOCX text extraction during verification), andpdftotext(for PDF text extraction during verification). - These calls are implemented using list-based arguments without shell execution (
shell=Falsedefault), and are essential to the skill's primary function of generating and validating multi-format report bundles. - [EXTERNAL_DOWNLOADS]: The reference material
复杂问题主要矛盾识别方法论调研报告.htmlcontains numerous links to external academic, research, and technology domains. - Referenced domains include well-known and reputable sources such as
plato.stanford.edu,arxiv.org,microsoft.com,harvard.edu(via PubMed), andmitpress.mit.edu. - These are used solely for bibliographic citations and research context, with no automated fetching or execution of remote content detected.
Audit Metadata