document-extraction
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): Large attack surface for Indirect Prompt Injection detected. The skill's primary function is to ingest and analyze untrusted external content, which could contain malicious instructions.
  - (1) Ingestion points: Document content is retrieved via `Read` and `WebFetch` tools as described in `SKILL.md`.
  - (2) Boundary markers: The prompt templates in `references/extraction-prompts.md` (e.g., Core Extraction Prompt) do not utilize delimiters such as triple quotes or XML tags to isolate document content from instructions, nor do they include explicit warnings to the agent to ignore embedded commands.
  - (3) Capability inventory: The skill allows use of `WebFetch`, `Read`, `Write`, and `Task` tools, which provides a path for exfiltration if an injection succeeds.
  - (4) Sanitization: No content validation or sanitization is mentioned or implemented.
- [DATA_EXFILTRATION] (LOW): The skill utilizes the `WebFetch` tool for retrieving web content from arbitrary URLs without domain whitelisting. This capability presents a risk of data exfiltration if the agent is manipulated via an indirect prompt injection contained within a processed document.