paperless-search
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqcommands to interact with the Paperless-ngx REST API for searching, listing correspondents, and fetching document content. These operations are essential for the skill's intended functionality. - [SAFE]: The skill manages its configuration (API URL and token) in
~/.config/paperless-search/config.json. This is a dedicated path for the skill and follows standard practices for local credential storage without accessing generic sensitive system files. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it fetches raw document content from an external API (
/api/documents/{id}/). Malicious text within stored documents could potentially influence agent behavior. - Ingestion points: SKILL.md (API examples fetching document content via curl)
- Boundary markers: Absent; the instructions do not use delimiters to wrap retrieved document content
- Capability inventory: Shell command execution (curl, jq), directory management (mkdir), and file writing (cat) specified in SKILL.md
- Sanitization: Absent; no instructions are provided to sanitize or validate the content retrieved from the document archive before it is processed by the agent
Audit Metadata