Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted PDF files and instructs the agent to analyze their visual content and metadata, which could contain malicious instructions. * Ingestion points: scripts/extract_form_field_info.py (metadata) and scripts/convert_pdf_to_images.py (visual data). * Boundary markers: None present. * Capability inventory: PDF creation and modification via pypdf. * Sanitization: No sanitization of ingested field data or extracted visual text.
- [Dynamic Execution] (LOW): scripts/fill_fillable_fields.py uses runtime monkeypatching to modify the pypdf.generic.DictionaryObject.get_inherited method to fix a bug in selection list processing. While technically self-modifying code, it is static and functional in nature.
Audit Metadata