paperless
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation specifies that it retrieves PAPERLESS_TOKEN and PAPERLESS_URL from ~/.secrets.env. Direct access to files containing secrets on the host system is a significant security risk for credential exposure.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the Bash tool to execute paperless-cli. The provenance and integrity of this CLI tool are not defined in the skill package, creating a dependency on unverified external code that could perform unauthorized actions.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by reading extracted text content from arbitrary documents.
  1. Ingestion points: Extracted text content from documents retrieved via paperless-cli.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash tool access, file downloads, and metadata modification.
  4. Sanitization: No sanitization or safety delimiters are described for processed document text.
Recommendations
- AI detected serious security threats
Audit Metadata