Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (PDF files) and possesses capabilities that can be abused if malicious instructions are found within those files.
  - Ingestion points: Uses PdfReader, pdfplumber.open, and convert_from_path to read local PDF documents.
  - Boundary markers: No delimiters or 'ignore' instructions are present to prevent the agent from obeying instructions embedded in extracted text.
  - Capability inventory: The skill allows writing files (writer.write, to_excel, c.save, doc.build) and executing shell commands via various PDF utilities.
  - Sanitization: Extracted content is not sanitized or validated before being printed or processed.
- [Command Execution] (MEDIUM): The skill relies on and provides instructions for several command-line utilities (pdftotext, qpdf, pdftk, pdfimages), which necessitates the agent executing shell commands with parameters often derived from input file names.
Recommendations
- AI detected serious security threats
Audit Metadata