llamaparse
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted documents (PDF, DOCX, etc.) whose content is returned to the agent's context. This creates a surface for indirect prompt injection, where malicious instructions embedded in a document could hijack the agent's logic.
  - Ingestion points: File content extracted via the LlamaParse API and returned to the LLM context in SKILL.md.
  - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions for the parsed data.
  - Capability inventory: Includes the ability to generate and execute TypeScript scripts, read local files, and write files to the local system.
  - Sanitization: No sanitization or filtering is performed on the extracted text before it is presented to the agent.
- [COMMAND_EXECUTION]: The skill generates and executes a TypeScript script using `npx tsx` to manage the file upload and parsing workflow. This execution is performed on the host system and is triggered after user confirmation.
- [EXTERNAL_DOWNLOADS]: The skill installs the `@llamaindex/llama-cloud` package from the npm registry and retrieves updated API usage guidelines from the LlamaIndex developer documentation site.
- [DATA_EXFILTRATION]: Reads local documents provided by the user and uploads them to the LlamaIndex cloud infrastructure for parsing. It also requires the use of a `LLAMA_CLOUD_API_KEY` for authentication.
Audit Metadata