Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external PDF files and extracts text content using libraries like pypdf and pdfplumber. This text is then provided to the agent. If a PDF contains hidden or adversarial instructions, the agent might execute them as if they were valid directives.
  - Ingestion points: Text and table extraction logic in scripts/extract_form_structure.py, scripts/extract_form_field_info.py, and the main SKILL.md guide.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are implemented in the provided scripts or prompts.
  - Capability inventory: The skill utilizes file write operations (pypdf.PdfWriter) and encourages the use of shell command execution for its scripts.
  - Sanitization: There is no evidence of text validation or sanitization to prevent malicious content from influencing the agent's behavior.
- [COMMAND_EXECUTION]: The skill relies on local script execution and command-line utilities (qpdf, poppler-utils, ImageMagick). While these are standard tools, they are invoked with arguments (filenames and paths) that could be manipulated if not properly handled by the agent's shell execution environment.
Audit Metadata