nudocs
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @nutrient-sdk/nudocs-cli package via npm. This package is managed by the reputable organization PSPDFKit and is used for its intended purpose of communicating with the Nudocs service.
- [COMMAND_EXECUTION]: The skill utilizes the nudocs command-line tool to perform document-related tasks such as uploading files and fetching updated content. These commands are consistent with the skill's stated purpose.
- [CREDENTIALS_UNSAFE]: The skill manages an API key which is stored locally in the user's home directory (~/.config/nudocs/api_key) or provided through an environment variable. This is a common and safe practice for CLI-based integrations.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it retrieves content from an external source (Nudocs documents) and processes it. While this is a common characteristic of document-handling tools, there is no evidence of a malicious payload or bypass attempts in the provided code.
Audit Metadata