nutrient-openclaw
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8) as it is designed to ingest and process data from external, untrusted documents.
- Ingestion points: Document files such as PDFs, Office files, and images are ingested via tools like
nutrient_extract_textandnutrient_ocr. - Boundary markers: The skill definition does not specify the use of delimiters or 'ignore embedded instructions' prompts when passing extracted text back to the agent.
- Capability inventory: The skill has the capability to perform network operations (via the Nutrient API) and can modify or create files (conversions and redactions).
- Sanitization: No explicit sanitization or filtering of document content for malicious instructions is described in the provided configuration.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the
@nutrient-sdk/nutrient-openclawpackage from npm. This is a legitimate SDK provided by Nutrient, a known entity in document processing, and does not exhibit suspicious behavior. - [CREDENTIALS_UNSAFE] (SAFE): The skill properly requests an API key via configuration and uses a placeholder (
your-api-key-here) rather than hardcoding sensitive credentials. - [DATA_EXFILTRATION] (SAFE): Data transmission is limited to the official Nutrient API (
nutrient.io) for the purpose of document processing. No unauthorized data exfiltration patterns were detected.
Audit Metadata