Extract structured data from unstructured files (PDF, PPTX, DOCX...)

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'llama_cloud_services' package via pip. This is the official library provided by the skill author 'run-llama' for document extraction tasks.
  • [CREDENTIALS_UNSAFE]: The skill uses an API key ('LLAMA_CLOUD_API_KEY') for cloud services. It follows security best practices by instructing users to provide this through environment variables rather than hardcoding it in the scripts.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing unstructured data from external documents (PDF, DOCX, etc.).
  • Ingestion points: Files and text content processed via the 'extract' and 'aextract' methods in 'SKILL.md' and 'REFERENCE.md'.
  • Boundary markers: The code examples do not show the use of delimiters or specific instructions to ignore embedded prompts within the documents.
  • Capability inventory: The skill performs network API calls to the LlamaCloud service for processing.
  • Sanitization: No sanitization or content validation of the input documents is demonstrated in the examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 02:37 AM
Security Audit — agent-trust-hub — Extract structured data from unstructured files (PDF, PPTX, DOCX...)