pdf-to-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • External Downloads (LOW): The skill installs several Python packages via uv pip install and downloads large AI model files from Hugging Face during its first run. Hugging Face is recognized as a trusted organization, which minimizes the risk associated with these downloads.
      • Evidence: Installation of pymupdf, docling, and docling-core in SKILL.md; model presence check using huggingface_hub in scripts/extractor.py.
  • Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes user-provided PDF files that may contain malicious instructions designed to influence the agent's logic during content analysis.
      • Ingestion points: PDF file reading and processing in scripts/extractor.py.
      • Boundary markers: The output includes a YAML metadata block, but lacks explicit delimiters or instructions to ignore embedded commands within the extracted text.
      • Capability inventory: The skill can read/write local files and execute Python scripts within a dedicated virtual environment.
      • Sanitization: No sanitization or filtering of the extracted PDF text content is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:39 PM