rsvp-reading
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied documents (PDF, DOCX, TXT, MD) and previews the content to the user. This creates an indirect prompt injection surface where malicious text in a document could attempt to influence the agent's behavior during the reading session preview.
- Ingestion points: SKILL.md (Step 1: Parse the Document)
- Boundary markers: Absent (no delimiters or instructions to ignore embedded commands are specified)
- Capability inventory: Bash, Read, Write tools available
- Sanitization: Absent (no evidence of text sanitization or filtering before content is displayed as a preview)
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts (parse_document.py, orp_engine.py). While these are internal scripts, the execution of shell commands based on user-provided file paths requires careful handling to prevent command injection.
- [EXTERNAL_DOWNLOADS]: The skill depends on docx and pdfminer. These are well-known, legitimate Python packages used for document parsing and do not represent a significant security risk when sourced from standard registries.
Audit Metadata