nutrient-document-processing
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official Nutrient MCP server package (@nutrient-sdk/dws-mcp-server) from the npm registry via npx. This is a legitimate dependency for a well-known document processing service.
- [COMMAND_EXECUTION]: Employs standard curl commands to interact with the official Nutrient API for document conversion and processing. All commands are transparent and aligned with the skill's stated purpose.
- [DATA_EXFILTRATION]: Document data is sent to the verified and well-known service domain api.nutrient.io for processing. This behavior is consistent with the skill's intended functionality and does not constitute unauthorized data exfiltration.
- [SAFE]: No prompt injection, obfuscation, or persistence mechanisms were detected. The skill uses appropriate placeholders for sensitive API keys.
Audit Metadata