batch-processor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided document files (PDFs, images, etc.) which introduces a surface for indirect prompt injection.\n
- Ingestion points: Reads files from specified input directories using "Path.glob" and processing workers in "SKILL.md".\n
- Boundary markers: The provided implementation snippets do not include explicit delimiters or instructions to ignore embedded prompts within the processed files.\n
- Capability inventory: The skill performs file system reads/writes for document access and checkpointing, and executes parallel subprocesses using "ProcessPoolExecutor".\n
- Sanitization: There is no evidence of content sanitization or validation of the data extracted from documents before it is potentially used in downstream agent actions.\n- [EXTERNAL_DOWNLOADS]: Installs well-known document processing libraries including "python-docx", "openpyxl", "python-pptx", "reportlab", and "jinja2" from standard package registries.
Audit Metadata