reading-receipt
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local command-line utility named `shinkoku` to perform text extraction and image conversion on PDF documents.
- [PROMPT_INJECTION]: As the skill parses text and images from external financial documents, it presents a surface for indirect prompt injection where embedded text could attempt to influence the agent's behavior.
  - Ingestion points: Data enters the context via the `shinkoku pdf extract-text` command and image processing through the vision-capable `Read` tool.
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands when processing the extracted text.
  - Capability inventory: The skill can execute local CLI commands (`shinkoku`) and read file contents from the system.
  - Sanitization: There is no mention of sanitizing or validating the text extracted from documents before it is used to generate structured data.
Audit Metadata