ai-slop-document-auditor

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local system utilities, including pdftotext, textutil, unzip, and python, to perform read-only text extraction from various document formats (PDF, DOCX, PPTX). These are standard tools for document processing and are used here within a limited, read-only scope.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted user-supplied document content (PDF, HTML, Markdown, etc.).
  • Ingestion points: SKILL.md identifies extraction points from external files, directories, and pasted text.
  • Boundary markers: The workflow attempts to mitigate injection by normalizing content into a structured document_units YAML schema before delegation to sub-agents.
  • Capability inventory: The skill possesses file-read capabilities and local command execution for extraction.
  • Sanitization: The skill relies on structured units and stable IDs to maintain context boundaries during analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — ai-slop-document-auditor