
pdf

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

The provided skill/documentation is a benign PDF processing toolkit: examples and capabilities are consistent with the stated purpose (extracting text/tables, creating/merging/splitting PDFs, OCR, watermarking, password protection). There is no evidence of network exfiltration, credential harvesting, obfuscation, or hidden backdoors in the supplied content. The main security considerations are: (1) processing untrusted PDFs can expose vulnerabilities in the underlying libraries or native CLI tools, and (2) if a developer programmatically runs the example shell commands with unsanitized inputs, there could be command injection risks. Also note the proprietary license mention (check LICENSE.txt) and missing referenced files (forms.md, reference.md) for full context. Overall, content appears consistent and non-malicious.

LLM verification: The skill’s described capabilities are appropriate for PDF processing tasks. Primary security concerns are about supply-chain hygiene (unpinned OCR dependency and potential unvetted script installations). Mitigations: pin dependency versions, verify sources, and avoid auto-installation of third-party scripts in production. Overall assessment remains largely benign with important notes on dependency management to reduce risk.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 15, 2026, 10:35 PM
Package URL: pkg:socket/skills-sh/answerzhao%2Fagent-skills%2Fpdf%2F@f3e7babdd8d9cc8b5627311c16e07f1218c39bff