skills/run-llama/vibe-llama/Extract structured data from unstructured files (PDF, PPTX, DOCX...)/Gen Agent Trust Hub
Extract structured data from unstructured files (PDF, PPTX, DOCX...)
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'llama_cloud_services' package via pip. This is the official library provided by the skill author 'run-llama' for document extraction tasks.
- [CREDENTIALS_UNSAFE]: The skill uses an API key ('LLAMA_CLOUD_API_KEY') for cloud services. It follows security best practices by instructing users to provide this through environment variables rather than hardcoding it in the scripts.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing unstructured data from external documents (PDF, DOCX, etc.).
- Ingestion points: Files and text content processed via the 'extract' and 'aextract' methods in 'SKILL.md' and 'REFERENCE.md'.
- Boundary markers: The code examples do not show the use of delimiters or specific instructions to ignore embedded prompts within the documents.
- Capability inventory: The skill performs network API calls to the LlamaCloud service for processing.
- Sanitization: No sanitization or content validation of the input documents is demonstrated in the examples.
Audit Metadata