docling
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes untrusted external content.
  - Ingestion points: The skill uses docling to fetch and parse content from URLs and files.
  - Boundary markers: Absent. No delimiters or instructions tell the agent to treat the parsed content as untrusted.
  - Capability inventory: The agent has CLI execution capabilities and network access.
  - Sanitization: No sanitization of the extracted content is performed.
- COMMAND_EXECUTION (MEDIUM): The skill uses the docling CLI tool to perform its tasks. Although specific commands are suggested, an agent that is not strictly constrained could be manipulated into running arbitrary commands or risky flags.
- EXTERNAL_DOWNLOADS (MEDIUM): Installing the docling package, and its subsequent runtime download of machine learning models from external repositories, introduces unverifiable dependencies from an untrusted source.
Recommendations
- AI detected serious security threats
Audit Metadata