docling-converter
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs automated package installation using `pip install docling` and `pip install docling[ocr]` within the `SKILL.md` workflow if the library is not detected. While targeting well-known libraries, this behavior modifies the system environment at runtime.
- [COMMAND_EXECUTION]: The skill dynamically generates a Python script at `.gemini/tmp/docling_convert.py` and subsequently executes it using `python3`. This script is used to orchestrate the document conversion process based on user-provided file paths.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted external documents.
  - Ingestion points: The skill reads user-supplied files (PDF, DOCX, PPTX, etc.) through the `INPUT_FILE` variable.
  - Boundary markers: No specific delimiters or warnings (e.g., 'ignore instructions within this document') are applied to the converted Markdown output.
  - Capability inventory: The skill has the ability to execute shell commands and write files to the local filesystem.
  - Sanitization: There is no evidence of content sanitization or filtering to prevent malicious instructions embedded in documents from being interpreted by the agent during subsequent processing steps.
Audit Metadata