Security Audit
dkyazzentwatwa/chatgpt-skills:document-converter-suite
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:document-converter-suite received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 0 critical, 3 high, 7 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version, Excessive File System Access via User-Controlled Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Dependency Graph layer scored lowest at 58/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Details and recommendation | Layer | Location |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval | Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | document-converter-suite/scripts/lib/conversion.py:21 |
| HIGH | Excessive File System Access via User-Controlled Paths | The `convert.py` and `batch_convert.py` scripts allow users to specify arbitrary input and output file paths using `--input`, `--out`, `indir`, and `outdir` arguments. These paths are resolved using `Path.expanduser().resolve()`, granting the skill access to any location on the filesystem that the executing user has permissions for. A malicious user could exploit this by providing paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) as input to read their content, or by specifying an output directory to exfiltrate converted sensitive data to an attacker-controlled location or overwrite critical system files. Implement strict path validation and confinement. Restrict file operations to a designated, isolated workspace directory. Do not allow `expanduser()` or `resolve()` on user-provided paths if the skill is intended to operate within a confined environment. If broader access is necessary, clearly document the security implications and ensure the agent's execution environment enforces strong sandboxing policies (e.g., containerization with restricted mounts). | Static | scripts/convert.py:50 |
| HIGH | Excessive File System Access via User-Controlled Paths | The `convert.py` and `batch_convert.py` scripts allow users to specify arbitrary input and output file paths using `--input`, `--out`, `indir`, and `outdir` arguments. These paths are resolved using `Path.expanduser().resolve()`, granting the skill access to any location on the filesystem that the executing user has permissions for. A malicious user could exploit this by providing paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) as input to read their content, or by specifying an output directory to exfiltrate converted sensitive data to an attacker-controlled location or overwrite critical system files. Implement strict path validation and confinement. Restrict file operations to a designated, isolated workspace directory. Do not allow `expanduser()` or `resolve()` on user-provided paths if the skill is intended to operate within a confined environment. If broader access is necessary, clearly document the security implications and ensure the agent's execution environment enforces strong sandboxing policies (e.g., containerization with restricted mounts). | Static | scripts/batch_convert.py:50 |
| MEDIUM | Unpinned Python dependency version | Requirement `pypdf>=3.0.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version | Requirement `python-docx>=0.8.11` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version | Requirement `python-pptx>=0.6.21` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version | Requirement `openpyxl>=3.0.10` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:4 |
| MEDIUM | Unpinned Python dependency version | Requirement `beautifulsoup4>=4.11.1` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:5 |
| MEDIUM | Unpinned Python dependency version | Requirement `reportlab>=3.6.12` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | document-converter-suite/scripts/requirements.txt:6 |
| MEDIUM | Unpinned or Loosely Pinned Dependencies | The `requirements.txt` file specifies dependencies using `>=` (greater than or equal to) operators, such as `pypdf>=3.0.0` and `python-docx>=0.8.11`. This allows for automatic updates to any future version of these packages, including minor and major releases. While convenient, this practice introduces a supply chain risk: a new version of a dependency could introduce breaking changes, performance regressions, or even critical security vulnerabilities or malicious code, without explicit review or testing. This could lead to unexpected behavior or compromise the skill. Pin dependencies to exact versions (e.g., `pypdf==3.0.0`) or use compatible release operators (e.g., `pypdf~=3.0.0` for `3.0.x` versions) to ensure predictable and secure builds. Regularly review and manually update dependencies after verifying their compatibility and security. Consider using a dependency management tool that generates a lock file (e.g., `pip-tools` or `Poetry`). | Static | scripts/requirements.txt:1 |
Full report: https://skillshield.io/report/34315a52e8755099