Processing Documents
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities detected in the skill instructions or code snippets. All code examples use industry-standard libraries for their intended purposes.
- [INDIRECT_PROMPT_INJECTION]: The skill inherently handles untrusted data through document parsing, creating an attack surface for indirect prompt injection if the output is processed by an LLM.
- Ingestion points: The skill ingests data from external files using libraries such as
pdf-lib,exceljs, anddocxtemplaterviafs.readFileand buffer loading. - Boundary markers: Code snippets do not include explicit delimiters or instructions to ignore embedded commands in the processed documents.
- Capability inventory: The skill demonstrates capabilities for reading and writing local files using the
fsmodule and processing document buffers. - Sanitization: While code snippets lack explicit sanitization, the 'Best Practices' section correctly identifies the need to sanitize filenames and validate file types as a security measure.
Audit Metadata