yao-crux-skill

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts generate_report_bundle.py and verify_report_bundle.py utilize subprocess.run() to invoke system utilities for file format conversion and text extraction.
  • Binaries called include pandoc (for Markdown to DOCX conversion), python3 (to run WeasyPrint for PDF generation), textutil (for DOCX text extraction during verification), and pdftotext (for PDF text extraction during verification).
  • These calls are implemented using list-based arguments without shell execution (shell=False default), and are essential to the skill's primary function of generating and validating multi-format report bundles.
  • [EXTERNAL_DOWNLOADS]: The reference material 复杂问题主要矛盾识别方法论调研报告.html contains numerous links to external academic, research, and technology domains.
  • Referenced domains include well-known and reputable sources such as plato.stanford.edu, arxiv.org, microsoft.com, harvard.edu (via PubMed), and mitpress.mit.edu.
  • These are used solely for bibliographic citations and research context, with no automated fetching or execution of remote content detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:50 AM
Security Audit — agent-trust-hub — yao-crux-skill