gemini-document-processing
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Downloads (LOW): The skill requires the installation of the
google-genai,python-dotenv, andpydanticpackages from PyPI. While these are legitimate packages,google-genaiis associated with a trusted organization (Google), which downgrades this finding per the [TRUST-SCOPE-RULE]. - Indirect Prompt Injection (LOW): The skill is specifically designed to ingest and process untrusted external data in the form of PDF documents.
- Ingestion points: The
scripts/process-document.pyscript takes a--fileargument pointing to local PDF files for analysis. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating document content into the model prompt.
- Capability inventory: The processing script (described in
SKILL.md) has the capability to send document data to an external LLM (Gemini) and output the results, which could be influenced by malicious content inside a PDF. - Sanitization: No mention of content sanitization or validation for the document contents before processing.
Audit Metadata