Documents

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes documents from external sources, making it susceptible to indirect prompt injection. Ingestion occurs via tools like pandoc and markitdown. While prompts are structured, they do not have dedicated boundary markers to protect against malicious instructions embedded in documents. Ingestion points include PDF, DOCX, XLSX, and PPTX files. Capability inventory includes subprocess execution and file modification. Sanitization is limited to XML structure protection via defusedxml.
  • [COMMAND_EXECUTION]: The skill uses local subprocesses to run document processing utilities such as soffice, pdftoppm, and qpdf. These tools operate on local files provided by the user and facilitate conversion between various document formats.
  • [EXTERNAL_DOWNLOADS]: Certain workflows rely on the installation of external packages like llm-gemini and markitdown. These are used to provide advanced multimodal extraction and analysis features. References to well-known packages and services are documented but do not escalate the risk profile.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 06:56 AM