rw-integrate-documents
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains instructional content and code snippets for using the RunwayML SDK in Node.js and Python. The logic follows standard API integration patterns for document management.
- [SAFE]: External dependencies identified (@runwayml/sdk and runwayml) are official vendor resources belonging to the skill author, runwayml.
- [DATA_EXPOSURE]: The skill includes examples for reading local files (e.g., './knowledge/product-faq.md'). This is consistent with the skill's primary purpose of uploading local knowledge base documents and does not target sensitive system paths or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill describes a workflow where external document content is ingested to influence AI Avatar responses. This constitutes a standard knowledge-retrieval surface.
- Ingestion points: Local file system via
fs.readFileSyncorPath.read_text, and HTTP request bodies in the Express.js example. - Boundary markers: None are explicitly defined in the provided code snippets to distinguish document content from system instructions.
- Capability inventory: The skill uses file system tools (
Read,Write,Edit) to manage local knowledge files. The resulting documents are used by thegwm1_avatarsmodel for context. - Sanitization: No explicit sanitization or validation of the document content is demonstrated in the examples.
Audit Metadata