document-image-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted documents (.docx and .pdf), creating a surface for indirect prompt injection.
  - Ingestion points: `extract_from_docx` and `extract_from_pdf` in `scripts/extract_images.py` ingest file paths and process document content.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore commands embedded within the documents.
  - Capability inventory: The script can create directories and write files to the local file system via `Path.mkdir` and `open(..., "wb")`.
  - Sanitization: Absent. The script relies on third-party libraries (`python-docx`, `pymupdf`) for parsing without additional validation of the file contents or metadata.
- [DYNAMIC_EXECUTION]: The script disables security guardrails designed to prevent resource exhaustion attacks.
  - Evidence: `Image.MAX_IMAGE_PIXELS = None` in `scripts/extract_images.py` disables Pillow's protection against "decompression bomb" attacks. This allows the processing of images with extreme dimensions, which could lead to memory exhaustion and a Denial of Service (DoS) when a malicious document is processed.
Audit Metadata