reading-withholding
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a command-line utility named 'shinkoku' to perform text extraction from PDFs and convert PDF documents into image files. This involves executing subprocesses with file paths provided as arguments.
- [PROMPT_INJECTION]: The skill processes untrusted external data from images and PDF files, which introduces a surface for indirect prompt injection where a document could contain hidden instructions targeting the agent.
  1. Ingestion points: Local image and PDF file paths processed through OCR and text extraction.
  2. Boundary markers: The skill does not implement explicit delimiters or instructions to ignore potential commands embedded within the documents being analyzed.
  3. Capability inventory: The skill has the ability to execute shell commands, read files from the filesystem, and spawn sub-agents for parallel verification.
  4. Sanitization: No sanitization or validation of the extracted document content is mentioned before the data is processed by the LLM or verification agents.
Audit Metadata