docling-convert
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'requests' library. This is a standard and well-known dependency.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by converting untrusted document data into Markdown.
- Ingestion points: Reads local files (e.g., 'doc.docx') in SKILL.md.
- Boundary markers: No boundary markers or 'ignore' instructions are present to delimit document content.
- Capability inventory: File system writing (os.makedirs, open) and network communication to localhost.
- Sanitization: No sanitization is applied to the content extracted from processed documents.
Audit Metadata