docling-converter
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically installs the
doclinganddocling[ocr]Python packages from PyPI if they are not already installed. These libraries are provided by IBM Research, a well-known technology organization, and are required for the skill's document processing features. - [COMMAND_EXECUTION]: The skill executes shell commands to manage its environment and perform conversions. This includes environment checks, package installation using the
--break-system-packagesflag, and the execution of a dynamically generated Python script located at.gemini/tmp/docling_convert.py. - [PROMPT_INJECTION]: This skill introduces a surface for indirect prompt injection because it processes untrusted files (PDF, Word, Excel, etc.) and returns the extracted text to the agent's context.
- Ingestion points: External files are parsed into Markdown or JSON via the Docling engine as described in
SKILL.md. - Boundary markers: Extracted document content is provided to the agent without specialized boundary markers or instructions to ignore embedded commands.
- Capability inventory: The skill is capable of executing shell commands, installing external software, and performing file system writes.
- Sanitization: No sanitization or safety filtering is performed on the text extracted from documents before it is ingested by the agent.
Audit Metadata