multimodal-corpus-ingestion

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill's workflow involves ingesting and processing untrusted external data such as PDFs, screenshots, and remote downloads, which creates an indirect prompt injection attack surface where malicious content within those files could attempt to influence the agent's behavior during extraction.
      • Ingestion points: The process ingests mixed corpora including Markdown, documents, ADRs, PDFs, screenshots, and remote files (SKILL.md).
      • Boundary markers: The instructions do not explicitly mandate the use of boundary delimiters or 'ignore' instructions to isolate untrusted data from the extraction prompts.
      • Capability inventory: The pipeline utilizes LLM-assisted and vision-assisted extraction, and it specifically mentions managing remote downloads.
      • Sanitization: No specific sanitization or filtering of the content within the artifacts is described prior to processing by the model.
  • [NO_CODE]: This skill consists entirely of instructional Markdown content and does not include any scripts, executables, or code-based implementation files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 03:48 PM