source-ingestion
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (PDFs, papers, web pages), which constitutes an indirect prompt injection surface.
- Ingestion points: Untrusted content enters the repository via the
sources/directory. - Boundary markers: The workflow does not specify the use of delimiters or instructions to ignore embedded commands in ingested content.
- Capability inventory: The agent is authorized to write to a variety of files in the
wiki/,sources/, andreports/directories and can execute conversion tools. - Sanitization: No sanitization or validation of external content is performed before synthesis.
- [EXTERNAL_DOWNLOADS]: The
pdf-markdown-policy.mdreferences the use of external tools such as Docling and MinerU, noting the security considerations of hosted converters.
Audit Metadata