doc-to-repo
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (PDF, PPTX, DOCX, images) which may contain hidden instructions that could influence the agent during the analysis and metadata generation phases.
  - Ingestion points: External files processed in Step 4 (SKILL.md), including PDF, PPTX, DOCX, and images.
  - Boundary markers: Absent. The agent is not instructed to use delimiters or specific ignore-instructions when analyzing the raw content for metadata generation in Step 6.
  - Capability inventory: `Bash` (command execution), `Write` (file system modification), `Read` (file access), `Edit`.
  - Sanitization: Absent. Raw content is extracted directly into `raw.md` and processed without filtering.
- [Command Execution] (LOW): The skill utilizes `python3 -c` via the `Bash` tool to perform extraction logic for PPTX and DOCX files. This involves executing dynamically generated Python strings at runtime.
- [External Downloads] (LOW): The skill suggests the installation of `python-pptx` and `python-docx` Python packages if they are not already present in the environment. These are standard libraries used for document parsing.
Audit Metadata