Skills
skills/andrewyng/context-hub/document-extraction/Gen Agent Trust Hub

document-extraction

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of external documents (PDFs, images, etc.) which are parsed into Markdown. This creates a surface for potential indirect prompt injection from malicious document content. This is an inherent characteristic of document processing tools.
  • Ingestion points: client.parse in SKILL.md accepts local paths or remote document_url inputs.
  • Boundary markers: Extracted text is not explicitly delimited with instructions to ignore embedded commands.
  • Capability inventory: Includes network API requests and local file writing for saving outputs.
  • Sanitization: Extracted Markdown is returned as-is without content filtering.
  • [EXTERNAL_DOWNLOADS]: The tool can download documents from remote URLs and retrieve processed data from presigned S3 URLs. These operations are essential to the skill's functionality and target the vendor's infrastructure or user-specified locations.
  • [COMMAND_EXECUTION]: The documentation includes standard setup commands for installing Python dependencies (landingai-ade, python-dotenv, pymupdf) and initializing environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 07:34 AM