long-document-llm-pipeline

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill defines a data pipeline that ingests untrusted PDF data for LLM processing, which creates an indirect prompt injection surface.
    1. Ingestion points: External PDF files processed via pymupdf4llm.to_markdown.
    2. Boundary markers: The pipeline uses structural delimiters such as 'Document:', 'Section:', and '---' markers, but lacks explicit instructions for the model to ignore instructions embedded within the extracted text.
    3. Capability inventory: The demonstrated capabilities are limited to text manipulation and Anthropic API calls; no dangerous system-level execution or unauthorized file access patterns are present.
    4. Sanitization: No input validation or sanitization logic is mentioned for the content extracted from the documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM