document-granular-decompose

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from external documents (PDF, Word, etc.) and returns the full text to the agent, creating a surface for indirect prompt injection where a malicious document could contain instructions intended to override agent behavior.
  • Ingestion points: Untrusted data enters the agent context via the text extraction functionality in scripts/mineru_fulltext_extract.py, which reads local files.
  • Boundary markers: The skill does not implement delimiters or 'ignore embedded instructions' warnings for the returned text.
  • Capability inventory: The skill script has file read, file write, and network POST capabilities (utilizing urllib.request).
  • Sanitization: No validation or filtering is applied to the extracted content before it is provided to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 03:33 PM