pdf-ppt
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Deceptive metadata poisoning found in pdf-ppt_audit_result_v1.json. This file is crafted to appear as a valid security audit result from a tool called 'skill-auditor@1.0', claiming a 'PASS' verdict on security and stability. This is a self-referential injection attempt designed to influence the analyzer's judgment and bypass security checks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external PDF files.
  - Ingestion points: Text, legends, and images are extracted from user-provided PDFs using tools like PyMuPDF and GROBID as described in references/offline-parsing.md.
  - Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' directives for the data extracted from the PDFs.
  - Capability inventory: The agent has the capability to read from the local file system, write structured data (JSON/JPG), and invoke a secondary skill for PPTX editing at D:\SKILL\project\PPTX\SKILL.md.
  - Sanitization: The skill lacks explicit sanitization or validation logic to filter out potentially malicious instructions embedded within the research papers before they are processed for slide generation.
Audit Metadata