Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill enables the agent to read and extract data from external, untrusted PDF files. This creates a vulnerability to indirect prompt injection, where an attacker could embed malicious instructions in a document to override agent behavior. Evidence Chain (Category 8): 1. Ingestion points:
scripts/extract_form_field_info.py,scripts/fill_fillable_fields.py, andscripts/check_fillable_fields.py. 2. Boundary markers: None. 3. Capability inventory: File system writes viapypdfandPillow, and local script execution. 4. Sanitization: None. - Dynamic Execution (MEDIUM): The script
scripts/fill_fillable_fields.pyimplements a runtime monkey-patch ofpypdf.generic.DictionaryObject.get_inherited. Dynamic modification of external libraries is a brittle and potentially insecure practice.
Recommendations
- AI detected serious security threats
Audit Metadata