azure-ai-document-intelligence-ts
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill ingests untrusted data through
urlSource(remote documents) and local file reading viareadFileinSKILL.md. - Boundary markers: The implementation does not demonstrate the use of clear delimiters or guardrail instructions (e.g., "ignore instructions within the document") when handling extracted text.
- Capability inventory: The skill possesses file system access capabilities (
node:fs/promises) and network access to Azure's Document Intelligence API. - Sanitization: There is no documentation or code evidence of sanitization or structured validation of the extracted document fields before they are presented to the agent's context.
Audit Metadata