document-privacy-audit
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted documents (PDF, Office files). Malicious text within these files could attempt to influence the agent's behavior or reporting logic during the analysis phase.\n
- Ingestion points:
scripts/extract_text.pyreads local document files provided via user arguments.\n - Boundary markers: None present in the prompt templates or workflow to separate untrusted document content from agent instructions.\n
- Capability inventory: Subprocess execution of
pdftotext, file reading, and writing operations.\n - Sanitization: The PII scanning script redacts identified sensitive information but does not sanitize the text for potentially malicious prompt instructions.\n- [COMMAND_EXECUTION]: The script
scripts/extract_text.pyexecutes thepdftotextcommand-line utility usingsubprocess.run. This is used for PDF text extraction and is implemented using a list of arguments, which mitigates the risk of shell-based command injection.
Audit Metadata