doc-importer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external documents and URLs which could contain embedded malicious instructions.
- Ingestion points: Processes local file paths and remote URLs as described in Step 1 of SKILL.md.
- Boundary markers: Step 4 explicitly requires wrapping converted content in external content boundary markers to delineate untrusted content from system instructions.
- Capability inventory: The skill involves reading local files and writing the resulting Markdown to the local file system as defined in Step 5.
- Sanitization: Step 4 mandates a sanitization protocol including stripping system/instruction tags and truncating sections to prevent context overflow or accidental instruction following.
- [UNVERIFIABLE_DEPENDENCIES_RCE]: The skill mentions utilizing 'markitdown', a document conversion tool provided by Microsoft, for high-quality Markdown conversion.
Audit Metadata