skills/github/awesome-copilot/eyeball/Gen Agent Trust Hub

eyeball

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions guide the installation of standard Python packages from the official Python Package Index (PyPI), including pymupdf, pillow, python-docx, and playwright. It also includes an instruction to download and install the Chromium browser via the Playwright framework. These resources are necessary for the skill's documented functionality.
  • [COMMAND_EXECUTION]: The skill operates by executing a local Python utility (eyeball.py) that invokes external system processes such as Microsoft Word, LibreOffice, or Playwright to perform document conversions and rendering. The agent is directed to construct these shell commands using user-provided paths and parameters.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it is designed to ingest and process text from untrusted external sources like local files and web URLs.
      • Ingestion points: The extract-text command in eyeball.py reads content from user-specified documents or URLs.
      • Boundary markers: There are no instructions providing delimiters or warnings to help the agent distinguish between its system instructions and the untrusted content being analyzed.
      • Capability inventory: The utility can write files to the user's desktop and execute subprocesses for document conversion.
      • Sanitization: No explicit sanitization or filtering is applied to the extracted source material before it is provided to the agent for analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 12:05 PM