upstage-document-parse

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill transmits local document content to api.upstage.ai. While this is the primary intended purpose of the skill, the domain is not on the pre-approved whitelist, and users should be aware that their data is sent to a third-party service.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface identified. The skill ingests untrusted data from external files (PDFs, images, etc.) and provides the extracted text directly to the agent.
      • Ingestion points: The document parameter in sync and async API calls.
      • Boundary markers: Absent. The skill does not instruct the agent to ignore instructions embedded within the parsed text.
      • Capability inventory: The agent can read local files and perform network requests via curl.
      • Sanitization: Not mentioned. The raw output from the API (Markdown/HTML/Text) is returned to the agent context.
  • [COMMAND_EXECUTION] (SAFE): The skill uses curl for communicating with the Upstage API. This is standard behavior for the tool's functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 06:45 PM