Skills
skills/pspdfkit-labs/nutrient-agent-skill/nutrient-document-processing/Gen Agent Trust Hub

nutrient-document-processing

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The MCP server configuration utilizes npx to execute the @nutrient-sdk/dws-mcp-server package, which is an official vendor resource.
  • [DATA_EXFILTRATION]: Document processing involves transmitting user-provided files to the official API at https://api.nutrient.io/build, which is the core functionality of the skill.
  • [COMMAND_EXECUTION]: The documentation provides curl examples for interacting with the Nutrient API to perform document tasks.
  • [PROMPT_INJECTION]: The document processing workflow presents a surface for indirect prompt injection.
  • Ingestion points: Document files uploaded via curl or MCP (SKILL.md).
  • Boundary markers: No delimiters are specified to isolate document content from agent instructions.
  • Capability inventory: Document conversion and PII redaction via the Nutrient API.
  • Sanitization: No explicit sanitization of document content is described in the skill configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 09:27 PM