Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external PDF files and images, which creates a surface for indirect prompt injection attacks where malicious instructions hidden in the documents could be interpreted and executed by the agent. 1. Ingestion points: PDF content is ingested via scripts/extract_form_field_info.py, scripts/extract_form_structure.py, and scripts/convert_pdf_to_images.py. 2. Boundary markers: No explicit delimiters or instructions are provided to differentiate document content from system prompts. 3. Capability inventory: The skill has the ability to write to the file system, execute command-line tools (qpdf, pdftotext, magick), and perform OCR. 4. Sanitization: Extracted text and image data are not sanitized before processing by the agent.
- [REMOTE_CODE_EXECUTION]: The script scripts/fill_fillable_fields.py employs dynamic code execution by monkeypatching the pypdf library's DictionaryObject.get_inherited method at runtime to modify how choice field attributes are handled.
Audit Metadata