document-parsers
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [Privilege Escalation] (HIGH): The script scripts/setup-unstructured.sh executes sudo apt-get install to install system dependencies (poppler-utils, libmagic, tesseract-ocr). Running commands with elevated privileges is a high-risk activity for AI agent skills.
- [Credential Exposure] (MEDIUM): scripts/setup-llamaparse.sh prompts the user for an API key and writes it directly to a .env file. While standard for many applications, this handles sensitive credentials in plain text on the local filesystem.
- [Dynamic Code Execution] (MEDIUM): Both scripts/setup-llamaparse.sh and scripts/setup-unstructured.sh use 'heredocs' to generate and then execute new Python scripts (test_llamaparse.py and test_unstructured.py) at runtime to verify the installation.
- [Data Exposure & Exfiltration] (LOW): scripts/parse-html.py uses the requests library to fetch content from arbitrary URLs provided by the user. This constitutes a network operation to non-whitelisted domains.
- [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface for indirect prompt injection.
  - Ingestion points: scripts/parse-docx.py (DOCX files) and scripts/parse-html.py (external URLs and HTML files).
  - Boundary markers: Absent; the scripts extract and concatenate text directly into output strings.
  - Capability inventory: File writing (--output flag), network requests (requests.get), and system command execution (via the associated setup scripts).
  - Sanitization: No sanitization or escaping of the extracted text is performed before it is formatted for output (JSON/Markdown/Text).
Recommendations
- AI detected serious security threats
Audit Metadata