Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE / PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses established Python and JavaScript libraries for PDF processing. All file operations are restricted to paths provided via command-line arguments, and no network exfiltration patterns were identified.
- [SAFE]: The script scripts/fill_fillable_fields.py includes a runtime monkeypatch of the pypdf library. This is a documented workaround for a specific bug in pypdf's handling of selection lists and does not involve untrusted input or malicious redirection.
- [PROMPT_INJECTION]: The skill documentation in forms.md uses imperative language and markers like 'CRITICAL: You MUST'. These are instructional for the agent's workflow rather than attempts to bypass safety filters or jailbreak the model.
- [PROMPT_INJECTION]: As the skill processes and extracts text from external PDF files, it possesses a surface for indirect prompt injection. Malicious instructions embedded within a PDF document could potentially be interpreted by the agent during processing. This is a known risk for document-parsing tools and is managed by the agent's internal safety protocols.
Audit Metadata