skills/aig787/agpm/pdf-processor/Gen Agent Trust Hub

pdf-processor

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill processes untrusted PDF files, creating a potential surface for indirect prompt injection if the extracted text is processed by an AI without sanitization.
    • Ingestion points: extract_text_pypdf2, extract_text_pdfplumber, and ocr_pdf functions in SKILL.md read content from external files.
    • Boundary markers: The code snippets do not include logic for wrapping extracted content in protective delimiters or providing instructions to ignore embedded commands.
    • Capability inventory: The skill includes file-writing capabilities via PyPDF2.PdfWriter and standard open() calls in functions like fill_form_fields and split_pdf.
    • Sanitization: No sanitization of the extracted PDF content is implemented in the provided examples.
  • [External Downloads] (SAFE): The skill recommends installing standard, trusted Python libraries (PyPDF2, pdfplumber, PyMuPDF, pytesseract, pillow), which are necessary for the stated PDF processing functionality.
  • [Data Exposure & Exfiltration] (SAFE): File access is limited to reading and writing PDF documents as required by the tool's intended purpose. No network-based exfiltration or credential exposure was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 07:20 AM