Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface because it combines untrusted data ingestion with side-effect capabilities.
  • Ingestion points: processes external PDF text, tables, and metadata (SKILL.md).
  • Boundary markers: no delimiters or warnings are used when processing extracted content.
  • Capability inventory: the skill can execute CLI tools (qpdf, pdftk) and write files to the local system.
  • Sanitization: extracted data is not sanitized before use, allowing embedded adversarial prompts to influence the agent.
- Command Execution (MEDIUM): Use of command-line tools like qpdf and pdftotext increases risk if inputs are not validated.
- Credentials Unsafe (LOW): Examples show passing passwords in command-line arguments, which can be leaked via process monitoring.
Recommendations
- AI detected serious security threats