query

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The wrapper script bin/query downloads a platform-specific binary from the vendor's CDN at https://agent-cdn.nutrient.io/pdf-to-markdown/. This is performed during the first run or during periodic update checks.
  • [COMMAND_EXECUTION]: The script executes the downloaded binary to perform search operations. It passes query parameters and file paths directly to the tool.
  • [PROMPT_INJECTION]: The skill ingests untrusted text from documents for searching. While results are restricted to specific line windows, the lack of sanitization or boundary markers for the extracted text presents a surface for indirect prompt injection where malicious content in the document could attempt to influence the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 02:21 AM
Security Audit — agent-trust-hub — query