kreuzberg
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples of shell commands utilizing the 'kreuzberg' CLI tool for tasks like text extraction, document chunking, and metadata identification. It also includes a Python script template for post-processing JSON output to save image files.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by design, as it enables the AI agent to ingest text from 91+ different external document formats. Maliciously crafted documents could contain hidden instructions aimed at manipulating the agent's behavior when the extracted text is processed.
  - Ingestion points: Multiple commands in 'SKILL.md' (e.g., 'kreuzberg extract', 'kreuzberg batch') read external files into the agent's context.
  - Boundary markers: The provided examples do not include explicit boundary markers or instructions to the agent to disregard instructions within the extracted content.
  - Capability inventory: The skill primarily uses shell command execution via the 'kreuzberg' CLI to perform operations.
  - Sanitization: The skill does not mention any sanitization or validation of the extracted document content before it is presented to the LLM or agent.