pdf-extractor

The PDF extraction skill demonstrates coherent purpose-capability alignment: multi-backend PDF text extraction with OCR support, and concrete CLI/Python usage. The installation flow relies on standard tools (uv, pip) to install dependencies and optional GPU models, which is typical for such tooling but introduces supply-chain risk if sources aren’t verifiably trustworthy. Data flows are predominantly local (PDF → MD outputs) with no explicit external data exfiltration. Overall, the footprint is proportionate to the stated purpose, with some elevated risk from multi-backend dependency installation and large optional model assets. Treat as BENIGN with MEDIUM security risk due to install-time dependencies and potential unverifiable assets; monitor for strict source-pinning and checksum verification in real deployments.