document-to-mindmap
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version metadata from the vendor's official GitHub repository (
processonai/processon-skills) to facilitate automatic updates and ensure compatibility. - [DATA_EXFILTRATION]: Sends processed markdown or document content to the official ProcessOn API at
smart.processon.com. This is the core functionality required to generate the mind map and provide the user with viewing and editing links. - [COMMAND_EXECUTION]: Utilizes
run_shell_commandto execute a local Python client script and shell commands for version checking and skill installation. These operations are limited to the skill's own directory and the vendor's infrastructure. - [PROMPT_INJECTION]: The skill processes untrusted user-supplied documents and web content, which presents a surface for indirect prompt injection. However, its instructions are strictly focused on structural analysis and summarization, and it does not allow document content to influence agent behavior outside of the mind map generation task.
Audit Metadata