doc-to-text
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the xlsx package from the official SheetJS CDN (https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz). SheetJS is a well-known service, and this distribution method is a common alternative to the standard registry.
- [PROMPT_INJECTION]: The skill extracts text from untrusted document formats (PDF, Word, Excel, Images) and returns it to the agent without sanitization, creating an indirect prompt injection surface where malicious instructions hidden in documents could influence agent behavior. Ingestion points: src/lib.ts reads file buffers from the local filesystem. Boundary markers: No delimiters or safety instructions are added to the extracted content. Capability inventory: The skill has filesystem read access. Sanitization: No sanitization or filtering is performed on the extracted text.
- [PROMPT_INJECTION]: The SKILL.md file contains a Knowledge Protocol section that provides specific behavioral instructions to the agent regarding data management and secret prioritization.
Audit Metadata