knowledge-compiler
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill leverages the
uvtool to dynamically manage and download Python dependencies required for its operation, such asdocling,pdfminer.six, andPyPDF2. These are well-established libraries for document extraction and are retrieved from standard package registries. - [COMMAND_EXECUTION]: The skill executes external CLI tools including
pdftotext,pdfinfo, anduvthrough thesubprocess.runinterface. The scripts correctly pass command-line arguments as an array of strings, which effectively mitigates the risk of command injection compared to using raw shell strings. - [PROMPT_INJECTION]: As a tool designed to process and analyze third-party documents, the skill is susceptible to indirect prompt injection attacks. Malicious instructions embedded in a user-provided PDF or EPUB file could attempt to hijack the agent's logic during the knowledge compilation phase.
- Ingestion points: Document text is extracted and stored in local files such as
cache/jobs/<job-id>/source.txtbefore being analyzed by the agent in segments. - Boundary markers: The skill does not currently implement explicit boundary markers (e.g., unique XML tags) or specific 'ignore' directives to separate the extracted content from the agent's instructions.
- Capability inventory: The skill has the capability to read and write files in the local filesystem and execute subprocesses for text extraction tasks.
- Sanitization: There is no automated sanitization or filtering logic applied to the extracted text to detect or remove potential injection patterns before processing.
Audit Metadata