nano-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'nano-pdf' package via PyPI. This is a standard dependency for the skill's functionality but involves downloading external code from a public registry.
- [DATA_EXFILTRATION]: The skill transmits PDF data to an external API endpoint (https://api.opencclaw.com/nano-pdf/extract) for processing. While this is the intended primary purpose of the skill, users should be aware that sensitive document content is sent to a third-party service.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it extracts and mines text from PDFs, which are external, untrusted data sources.
  - Ingestion points: Reads and processes PDF files through the 'extract' and 'mine' commands.
  - Boundary markers: No explicit delimiters or warnings are mentioned that would prevent the agent from following instructions embedded within the extracted PDF text.
  - Capability inventory: The skill can perform network requests (via the 'requests' library) and execute local commands (via the 'nano-pdf' binary).
  - Sanitization: The documentation does not specify any sanitization, filtering, or validation of the extracted text before it is returned to the agent or used in subsequent operations.
Audit Metadata