NYC

pdf-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The tool processes untrusted input from files without sanitization. Ingestion points: scripts/generate_pdf.py reads content from the --input and --css file paths. Boundary markers: none present to distinguish data from instructions. Capability inventory: the script performs file reads (Path.read_text) and file writes via weasyprint and reportlab. Sanitization: no sanitization or HTML escaping is performed on the input content before it is rendered into a PDF. An attacker who controls the input can embed HTML (e.g., <img src='file:///etc/passwd'>) or CSS url()/@import references; WeasyPrint's default URL fetcher follows file:// URLs, so local file content can end up embedded in the generated PDF. Caveat for reviewers: an <img> pointing at a text file will not render as an image, but the same fetcher serves stylesheets, fonts and other referenced resources, so the fix is a restrictive url_fetcher plus escaping of raw HTML in the input, not filtering of the img tag alone.
  • [DATA_EXPOSURE] (LOW): The script reads any local file passed via --input (and --css). While that is the intended function of a document converter, an agent could be steered to point it at sensitive files (e.g., .env, ~/.ssh/config), turning private credentials into a PDF that is then easy to share or exfiltrate. Mitigation: confine input paths to an allow-listed directory after resolving symlinks.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, reputable Python libraries (weasyprint, markdown, reportlab) available through PyPI. No suspicious or unverified third-party dependencies were detected.
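The two LOW findings above share one root cause: the converter hands attacker-influenced paths and markup to WeasyPrint with no policy in between. The block below is an added example written for this audit page, not the skill's own scripts/generate_pdf.py, showing the three controls a practitioner would bolt onto a converter with the flow the audit describes (read --input and --css, markdown to HTML, render with WeasyPrint). It assumes the `markdown` and `weasyprint` packages, a hypothetical allow-listed root directory, and the function names `resolve_within`, `neutralise_html`, `url_allowed`, `make_url_fetcher` and `render_pdf`, none of which come from the audited skill. The two third-party imports are deferred into `render_pdf()` so the policy helpers run and can be tested without them installed.

```python
"""Hardening for a generate_pdf.py-style converter (added example, not the skill's code).

Assumed flow: read --input and --css, markdown -> HTML, render with WeasyPrint.
Controls:
  1. confine --input/--css/--output to an allow-listed root (symlinks resolved);
  2. escape raw HTML before markdown conversion so <img>/<link> tags become text;
  3. give WeasyPrint a url_fetcher that rejects file:// and every other scheme
     not explicitly allowed; the same fetcher covers url()/@import in the CSS file.
"""
import html
from pathlib import Path
from urllib.parse import urlsplit


def is_within(root: Path, user_path: str) -> bool:
    """True if user_path, resolved (symlinks, '..', absolute paths), stays under root."""
    root = root.resolve()
    candidate = (root / user_path).resolve()  # an absolute user_path replaces root here
    return candidate.is_relative_to(root)


def resolve_within(root: Path, user_path: str) -> Path:
    """Resolve user_path under root or raise PermissionError (assumed policy helper)."""
    if not is_within(root, user_path):
        raise PermissionError(f"{user_path!r} resolves outside {root.resolve()}")
    return (root.resolve() / user_path).resolve()


def neutralise_html(markdown_text: str) -> str:
    """Escape &, < and > so the markdown converter emits raw HTML as literal text."""
    return html.escape(markdown_text, quote=False)


def url_allowed(url: str, allowed_schemes=frozenset({"data"})) -> bool:
    """Policy for every resource reference WeasyPrint tries to fetch.

    Scheme-less (relative) references would be resolved against base_url, i.e. the
    local filesystem, so they are rejected together with file:// and friends.
    """
    scheme = urlsplit(url).scheme.lower()
    return scheme in allowed_schemes


def make_url_fetcher(allowed_schemes=frozenset({"data"})):
    """Wrap weasyprint.default_url_fetcher with the url_allowed policy."""
    def url_fetcher(url, *args, **kwargs):
        if not url_allowed(url, allowed_schemes):
            raise ValueError(f"blocked resource reference: {url}")
        from weasyprint import default_url_fetcher  # deferred: only needed at render time
        return default_url_fetcher(url, *args, **kwargs)
    return url_fetcher


def render_pdf(root: Path, input_rel: str, css_rel: str, output_rel: str) -> Path:
    """Hardened equivalent of the audited script's read -> convert -> write step."""
    import markdown
    from weasyprint import CSS, HTML

    src = resolve_within(root, input_rel)
    css_path = resolve_within(root, css_rel)
    out = resolve_within(root, output_rel)
    body = markdown.markdown(neutralise_html(src.read_text(encoding="utf-8")))
    fetcher = make_url_fetcher()  # data: URIs only; no file://, no network
    HTML(string=body, url_fetcher=fetcher).write_pdf(
        out, stylesheets=[CSS(filename=str(css_path), url_fetcher=fetcher)])
    return out


if __name__ == "__main__":
    # Constructed sample input exercising the three controls, no PDF is written.
    hostile_md = "# Report\n\n<img src='file:///etc/passwd'>\n"
    print(neutralise_html(hostile_md))                     # tag is now literal text
    print(url_allowed("file:///etc/passwd"))               # False
    print(url_allowed("data:image/png;base64,AAAA"))       # True
    print(is_within(Path.cwd(), "../../etc/passwd"))       # False (unless cwd is /)
```

Usage: call `render_pdf(Path("/srv/docs"), "report.md", "style.css", "report.pdf")` with paths relative to the allow-listed root; anything that resolves outside it, including through a symlink, is refused before any file is read. Widening `allowed_schemes` to `{"data", "https"}` re-enables remote images but also re-enables SSRF from the rendering host, so keep that an explicit opt-in.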
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:28 PM