Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill provides tools to read and process content from untrusted PDF files, creating a vulnerability surface.
- Ingestion points:
scripts/extract_form_field_info.pyand code examples inSKILL.mdingest text and metadata from external PDFs. - Boundary markers: No specific boundary markers are defined to isolate extracted content from agent instructions.
- Capability inventory: The skill allows writing modified PDF files via
scripts/fill_fillable_fields.pyandscripts/fill_pdf_form_with_annotations.py. - Sanitization: There is no evidence of sanitization for text extracted from PDF objects before it is processed by the agent.
- [DYNAMIC_EXECUTION]: The script
scripts/fill_fillable_fields.pyimplements a runtime modification of a dependency. - Evidence: The function
monkeypatch_pydpf_methodredefinespypdf.generic.DictionaryObject.get_inheritedat runtime to fix a specific bug in the library's handling of selection lists. This is a functional requirement for the skill's form-filling capabilities.
Audit Metadata