Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard command-line utilities such as qpdf, pdftk, and poppler-utils (pdftotext, pdftoppm, pdfimages) for PDF manipulation and conversion tasks.
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference several trusted and widely-used libraries including pypdf, pdfplumber, reportlab, pdf2image, pytesseract, and pandas.
- [REMOTE_CODE_EXECUTION]: A monkeypatch is used in scripts/fill_fillable_fields.py on the pypdf library to resolve a bug with selection list fields; this is a localized and documented modification of library code.
- [PROMPT_INJECTION]: The skill's primary function involves processing external PDF files, which creates an attack surface for indirect prompt injection.
  1. Ingestion points: PDF content is read using pypdf, pdfplumber, and system utilities.
  2. Boundary markers: No explicit boundary markers are used during extraction.
  3. Capability inventory: The skill can write files and execute system commands for processing.
  4. Sanitization: Extracted content is not sanitized before further processing.