Skywork Document

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its document parsing functionality.
      • Ingestion points: User-provided files (PDF, DOCX, etc.) are processed by scripts/parse_file.py to extract text.
      • Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore instructions embedded within the processed file content.
      • Capability inventory: The skill has the ability to make network requests to vendor APIs (create_doc.py), write files to the local file system, and execute shell commands for authentication.
      • Sanitization: There is no evidence of sanitization or escaping of the extracted file content before it is passed to the document generation prompt.
  • [COMMAND_EXECUTION]: The authentication module executes system commands to facilitate the login process.
      • Evidence: In scripts/skywork_auth.py, the _open_browser function utilizes subprocess.Popen to call system utilities (open on macOS, start on Windows, and xdg-open on Linux) to open the vendor's authentication URL in the user's browser. While shell=True is used on Windows, the URL is constructed from controlled components.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 12:16 PM