Skills
skills/diegosouzapw/awesome-omni-skill/admin-documents/Gen Agent Trust Hub

admin-documents

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The DocumentPipelineService in SKILL.md is vulnerable to indirect prompt injection attacks.
  • Ingestion points: Raw document content is ingested via the /api/admin/documents/upload route and passed to the pipeline.
  • Boundary markers: Prompt templates in _anonymize, _whitelabel, _normalize, _generate_summary, and _generate_qa lack delimiters (e.g., XML tags or triple quotes) to separate instructions from untrusted content.
  • Capability inventory: The service uses the openai library to call LLM models (gpt-4-turbo-preview) and interacts with a database via sqlalchemy and a vector store via RAGService.
  • Sanitization: No escaping, validation, or filtering is performed on the content variable before it is interpolated into prompts using f-strings or .format(), which could allow malicious instructions within a document to hijack the LLM's behavior.
  • [EXTERNAL_DOWNLOADS]: The metadata.json file contains a command to download external content during installation.
  • Evidence: install_command uses curl to fetch SKILL.md from https://raw.githubusercontent.com/majiayu000/claude-skill-registry/main/skills/data/admin-documents/SKILL.md.
  • Context: This is a common installation pattern for skill registries, though it involves fetching unverified content from a remote repository at runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 11:56 AM
Security Audit — agent-trust-hub — admin-documents