Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of untrusted PDF content.
- Ingestion points: PDF metadata and page content are extracted and processed using
scripts/extract_form_field_info.pyandscripts/convert_pdf_to_images.py(which renders pages to images for vision analysis). - Boundary markers: No specific delimiters or safety instructions are provided to help the agent distinguish between data and instructions when analyzing extracted PDF content or images.
- Capability inventory: The skill allows for file writing (
PdfWriter.write) and execution of system commands for document manipulation. - Sanitization: No sanitization of text or image-based content is performed before processing.
- [COMMAND_EXECUTION]: The skill instructions and scripts involve executing several system-level PDF utilities.
- Evidence: The toolkit provide examples and scripts for using external binaries like
qpdf,pdftotext,pdftk, andtesseractfor document processing operations. - [EXTERNAL_DOWNLOADS]: The skill documentation references and depends on several external packages.
- Evidence: Documentation in
SKILL.mdandreference.mdrecommends installing Python packages likepypdf,pdfplumber,reportlab,pdf2image, andpytesseract, and references JavaScript libraries such aspdf-libandpdfjs-distin the advanced section.
Audit Metadata