Skills
skills/bytedance/agentkit-samples/byted-las-pdf-parse-doubao/Gen Agent Trust Hub

byted-las-pdf-parse-doubao

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits PDF URLs to the ByteDance Volcano Engine API (volces.com) for extraction. This is a vendor-owned resource used for the skill's primary purpose.
  • [COMMAND_EXECUTION]: The utility script scripts/skill.py includes the ability to write parsed content to the local file system through the --out-markdown and --out-json arguments.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by converting external PDF content into Markdown that the agent later consumes.
  • Ingestion points: External PDF URLs fetched and parsed by scripts/skill.py.
  • Boundary markers: Absent; the skill returns the parsed Markdown directly to the agent.
  • Capability inventory: The skill can perform network requests to the ByteDance API and write files to the local disk.
  • Sanitization: None; content is extracted from the PDF as provided by the external source.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:27 PM