document-indexer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by indexing external file content that may contain malicious instructions designed to influence the agent.
  - Ingestion points: The index-add.js script reads file content directly into the indexing system.
  - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat indexed content as untrusted data.
  - Capability inventory: The skill performs file system reads and writes in index-add.js and provides search results to the agent's context.
  - Sanitization: Absent; no filtering or escaping is performed on the text extracted from documents.
- [DATA_EXFILTRATION]: The skill can be used to index sensitive files if the agent is provided with their paths, such as configuration files or credentials. The indexed data, including keywords and content previews, is stored in a plaintext file at /tmp/document-index.jsonl, which is a shared system location, resulting in potential local data exposure.
- [COMMAND_EXECUTION]: The skill consists of multiple standalone Node.js scripts that process command-line arguments to interact with the file system and manage the document index.