document-processing
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for document manipulation using utilities like qpdf, pandoc, and libreoffice. It explicitly recommends running 'sudo apt-get install' for system-level dependency installation, which is a privilege escalation vector.
- [COMMAND_EXECUTION]: The skill references and executes several local Python scripts that are not provided in the skill files, such as 'ooxml/scripts/unpack.py', 'scripts/thumbnail.py', and 'recalc.py', creating a dependency on external, unverified code.
- [EXTERNAL_DOWNLOADS]: The instructions require downloading and installing third-party packages from NPM and PyPI, including pypdf, pdfplumber, reportlab, pytesseract, pdf2image, markitdown, pandas, openpyxl, docx, and pptxgenjs.
- [PROMPT_INJECTION]: The skill ingests untrusted data from PDF, DOCX, XLSX, and PPTX files. This provides an attack surface for indirect prompt injection, where malicious content within a document could manipulate agent behavior. Ingestion occurs via pdfplumber, pandas, and pandoc. No sanitization or boundary markers are established to mitigate this risk.
Recommendations
- AI detected serious security threats
Audit Metadata