document-ai
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (INFO): No malicious patterns, unauthorized network calls, or exfiltration vectors were found. The skill is focused on enforcing security best practices for AI-driven document understanding.
- Indirect Prompt Injection (LOW): The skill defines a workflow for ingesting and processing untrusted document data, which is an inherent attack surface for indirect prompt injection.
  - Ingestion points: PDF parsing, OCR, and invoice extraction (referenced in SKILL.md).
  - Boundary markers: None are explicitly defined in the prompt instructions provided.
  - Capability inventory: Document understanding and structured data extraction; no dangerous execution capabilities are exposed.
  - Sanitization: The skill promotes sanitization through size/page limits and schema validation rules defined in references/validations.md.
- Metadata Poisoning (LOW): SKILL.md references two missing files (patterns.md and sharp_edges.md) as required sources of truth. This causes incomplete instruction grounding but does not appear to be a deceptive attempt to hide malicious intent.
Audit Metadata