docling
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as documentation for the Docling document parsing tool. All code examples and references use legitimate, well-known libraries and services.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is parsing external, untrusted documents (PDF, HTML, etc.) and converting them to structured formats. This represents an inherent indirect prompt injection surface where a malicious document could contain instructions intended to influence the agent processing the output.
- Ingestion points: Functions like
converter.convert(source)andconverter.convert_all(sources)inSKILL.mdandreferences/parsing.mdallow the ingestion of local files and remote URLs. - Boundary markers: No explicit instructions for the agent to ignore embedded instructions within processed documents are provided in the examples.
- Capability inventory: The skill documentation demonstrates file-writing capabilities (
save_as_markdown,save_as_html,save_as_jsoninreferences/output.md) and network access for document retrieval. - Sanitization: No specific sanitization or filtering of document content is described prior to conversion.
- [EXTERNAL_DOWNLOADS]: The skill mentions downloading model artifacts from Hugging Face (
ds4sd/SmolDocling-256M-preview) and installing standard packages likedocling-core. These are operations involving well-known and trusted technology providers.
Audit Metadata