doc-mindmap
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8).
- Ingestion points: The script
scripts/doc_converter.pyingests untrusted external data from various document formats (.pdf, .docx, .pptx). - Boundary markers: There is no evidence of delimiters or instructions to ignore embedded commands within the processed documents.
- Capability inventory: The skill has the capability to read local files, create directories, create symlinks, copy directories to the
~/Desktop, and execute shell commands likeopen. - Sanitization: No sanitization or validation of document content is documented before it is passed to the Ollama model or used for classification names.
- [COMMAND_EXECUTION] (MEDIUM): The skill's workflow involves executing a local Python script with multiple flags that modify the file system and running shell commands (
cp -a,open) on user directories. - [EXTERNAL_DOWNLOADS] (LOW): The skill requires external dependencies including
markitdownandollama. While these are from trusted sources (Microsoft and Ollama), they involve installing executable code on the host system. - [DATA_EXFILTRATION] (MEDIUM): The skill utilizes the
requestslibrary. While intended for local Ollama API communication, this capability combined with the ingestion of sensitive documents from~/Documentscreates a potential path for data exfiltration if the underlying script is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata