Skills
skills/jerryjliu/liteparse_samples/research-docs/Gen Agent Trust Hub

research-docs

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the liteparse Python package and @llamaindex/liteparse Node package. These are official LlamaIndex libraries required for the skill's document parsing functionality.
  • [COMMAND_EXECUTION]: Executes a bundled Python script (generate_report.py) via the Bash tool to orchestrate document parsing, text extraction, and HTML report generation.
  • [DATA_EXFILTRATION]: Local documents are processed via the LiteParse service. This involves transmitting document content to the vendor's parsing infrastructure, which is the stated and intended primary function of the skill.
  • [PROMPT_INJECTION]: The skill processes content from external documents, which constitutes an indirect prompt injection surface. The impact is mitigated as the skill primarily uses this data for retrieval and includes HTML escaping in the report generation script to prevent cross-site scripting (XSS) in the generated output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 06:48 AM