pdf-2

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation mentions installing the 'openclaw' CLI via 'npm install openclaw', which is an external dependency from an unverified source.
  • [COMMAND_EXECUTION]: The skill utilizes CLI commands for PDF operations, which allows execution of host-level commands via the openclaw utility.
  • [DATA_EXFILTRATION]: The skill includes code snippets that send base64-encoded file data to 'https://api.openclaw.ai/api/pdf-2/ocr', representing external data transmission to a non-whitelisted domain.
  • [PROMPT_INJECTION]: The skill extracts content from untrusted PDF files, creating a potential indirect prompt injection surface where malicious instructions in a document could influence the agent.
      • Ingestion points: 'ocr', 'extract-form', and 'parse-table' commands in SKILL.md.
      • Boundary markers: None.
      • Capability inventory: Network POST requests and CLI execution.
      • Sanitization: No sanitization of extracted text is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 05:44 PM