managing-media
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill handles untrusted external data which could contain malicious instructions.
  - Ingestion points: Document viewers in 'references/office-viewer.md' (Word to HTML) and 'references/pdf-viewer.md' (Text search) process external file content.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the provided snippets.
  - Capability inventory: The skill includes scripts with file system access ('scripts/validate_media_accessibility.js') and examples with network capabilities ('examples/s3-direct-upload.tsx').
  - Sanitization: The Mammoth.js example uses 'dangerouslySetInnerHTML' to render converted HTML without sanitization, creating a surface for XSS or instruction injection.
- External Downloads (LOW): Examples like 'examples/pdf-react.tsx' and 'references/pdf-viewer.md' load the PDF.js worker script from 'cdnjs.cloudflare.com', which is an external dependency not included in the trusted organization list.
- Data Exfiltration (LOW): The example implementation in 'references/office-viewer.md' sends the URL of potentially sensitive documents to Microsoft's and Google's public viewing services, which may expose private metadata or content to third parties.
- Command Execution (LOW): Utility scripts like 'scripts/generate_mock_images.py' and 'scripts/validate_media_accessibility.js' perform file system operations based on user-provided path arguments, which could be exploited for unauthorized file access if path traversal is not handled by the agent.