questionnaire-reading
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill executes as a local document parser, converting user-provided questionnaire files into a structured markdown schema without any malicious side effects.
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts reference the use of reputable third-party libraries (
python-docx,openpyxl,pdfplumber,polars) from official package registries for file extraction. - [COMMAND_EXECUTION]: The logic is contained within a provided Python script that uses safe file-reading and regex-based parsing; no arbitrary shell command execution or subprocess spawning with user input was detected.
- [DATA_EXFILTRATION]: No network-capable code or libraries are utilized within the skill, ensuring that processed data remains local to the execution environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (questionnaire documents) which are then consumed by the agent. While this creates a theoretical surface for indirect prompt injection if the source documents contain malicious instructions, the skill itself performs no unsafe interpolation or autonomous decision-making that would escalate this beyond an inherent risk of document processing.
Audit Metadata