Skills
skills/docusealco/docuseal-agent-skills/docuseal-cli/Gen Agent Trust Hub

docuseal-cli

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the docuseal package from the official NPM registry. This package is the legitimate CLI tool associated with the vendor.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the docuseal binary to manage e-signature workflows, including template creation and document submission.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection as it processes external data such as HTML content, PDF/DOCX templates, and user-provided variables.
  • Ingestion points: Commands like submissions create-pdf, create-docx, and create-html (in references/submissions.md) ingest local files, remote URLs, and inline HTML strings.
  • Boundary markers: The skill instructions do not prescribe specific delimiters or isolation techniques for untrusted content handled by the agent.
  • Capability inventory: The agent has the capability to read local files, access the environment, and execute shell commands via the CLI.
  • Sanitization: The SKILL.md security section explicitly states that the CLI passes content to the server for processing and does not interpolate user input into shell commands, reducing the risk of local execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:48 PM