Skills
skills/jdrhyne/agent-skills/nudocs/Gen Agent Trust Hub

nudocs

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @nutrient-sdk/nudocs-cli package from npm. This is the official CLI tool for the Nudocs service, provided by a well-known technology vendor (Nutrient/PSPDFKit).
  • [COMMAND_EXECUTION]: Executes the nudocs command-line tool to upload, list, and download documents. The documentation in references/formats.md contains examples using a gimme command, which is likely a documentation alias or error and does not impact security.
  • [DATA_EXFILTRATION]: Uploads user-provided document content to https://nudocs.ai for editing and sharing. This is the core functionality of the skill and is directed to the official service domain.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. * Ingestion points: Files downloaded via nudocs pull and subsequently read by the agent. * Boundary markers: None identified in the skill instructions to delimit external content. * Capability inventory: Subprocess execution of the nudocs CLI and local file system access. * Sanitization: No explicit sanitization or filtering of downloaded content is performed before presentation to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 11:52 AM