source-ingestion

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (PDFs, papers, web pages), which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted content enters the repository via the sources/ directory.
  • Boundary markers: The workflow does not specify the use of delimiters or instructions to ignore embedded commands in ingested content.
  • Capability inventory: The agent is authorized to write to a variety of files in the wiki/, sources/, and reports/ directories and can execute conversion tools.
  • Sanitization: No sanitization or validation of external content is performed before synthesis.
  • [EXTERNAL_DOWNLOADS]: The pdf-markdown-policy.md references the use of external tools such as Docling and MinerU, noting the security considerations of hosted converters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 09:06 AM
Security Audit — agent-trust-hub — source-ingestion