Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions guide the agent to execute multiple local Python scripts (e.g., `extract_form_field_info.py`, `fill_fillable_fields.py`) and system utilities (such as `qpdf`, `pdftotext`, `pdftoppm`, and `magick`) to process PDF files. These commands are necessary for the skill's stated purpose of PDF manipulation.
- [EXTERNAL_DOWNLOADS]: The documentation references several well-known and standard libraries including `pypdf`, `pdfplumber`, `reportlab`, `pytesseract`, and `pdf2image`. These are reputable packages for PDF processing and OCR. No unverified or suspicious remote code execution patterns were detected.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from external PDF files (text labels, metadata, and form field IDs) and instructs the agent to analyze this content to determine field purposes. A maliciously crafted PDF could contain instructions designed to influence the agent's behavior. The instructions lack explicit boundary markers or sanitization steps to isolate this untrusted content.
  - Ingestion points: `scripts/extract_form_field_info.py` and `scripts/extract_form_structure.py` extract text and metadata from PDFs.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions found within the processed PDF data.
  - Capability inventory: The agent has the ability to execute shell commands and read/write local files.
  - Sanitization: Absent. Extracted text is used directly for analysis.
Audit Metadata