extract-to-md
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external PDFs and web content.
- Ingestion points: Processes external PDF files, web-exported content, and copied text as defined in
SKILL.md. - Boundary markers: There are no explicit instructions to the agent to ignore or delimit instructions found within the source documents.
- Capability inventory: The skill writes files (Markdown output and
xxx-assets/directory) and generates scripts in atmp/directory. - Sanitization: No sanitization or validation of the input text is described before it is processed or used in structure building.
- [COMMAND_EXECUTION]: The skill mentions generating and storing scripts or temporary files during the extraction process.
- Evidence:
SKILL.mdstates that generated scripts and temporary files are stored in atmp/directory for cleanup later. This indicates the agent may create and execute local scripts (e.g., Python or Shell) to handle PDF parsing and image extraction tasks.
Audit Metadata