Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill provides standard documentation for PDF manipulation. No evidence of malicious intent, data exfiltration, or obfuscation was found in the provided file.
- [Indirect Prompt Injection] (LOW): The skill's primary function of reading and extracting text from PDFs creates a vulnerability surface for indirect prompt injection.
- Ingestion points: Untrusted data is ingested through
pypdf.PdfReader,pdfplumber.open, andpytesseractviaconvert_from_path. - Boundary markers: Code snippets do not implement delimiters or safety instructions to distinguish extracted PDF text from system prompts.
- Capability inventory: The skill provides capabilities for local file read/write operations and subprocess execution of command-line tools like
qpdf,pdftotext, andpdftk. - Sanitization: No input sanitization or validation of the content extracted from PDF documents is present.
Audit Metadata