rag-parse
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@llamaindex/liteparseglobal package from the npm registry. This is a recognized package from LlamaIndex, a well-known organization in the AI ecosystem. - [EXTERNAL_DOWNLOADS]: Recommends installing standard system utilities such as LibreOffice and ImageMagick via official package managers (Homebrew, apt) to support Office document and image conversion.
- [COMMAND_EXECUTION]: The skill generates shell commands using the
litCLI tool to parse, batch process, and screenshot documents. This involves executing subprocesses which is the primary intended functionality of the tool. - [COMMAND_EXECUTION]: The skill processes unstructured files (PDF, DOCX, XLSX, etc.) which presents a surface for indirect prompt injection where malicious instructions could be embedded in the parsed documents.
- Ingestion points: SKILL.md (via
lit parseandlit batch-parsecommands) - Boundary markers: Absent; the skill does not explicitly provide delimiters or warnings to ignore instructions found within the document content.
- Capability inventory: SKILL.md (executes shell commands, writes output files to the filesystem)
- Sanitization: Absent; the extracted text is intended to be used directly by the agent.
Audit Metadata