Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of standard system utilities like Poppler (pdftotext, pdfimages) and qpdf. These are well-known, legitimate tools for PDF processing and are invoked as intended by the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: Python dependencies (pypdf, pdfplumber, reportlab, etc.) are managed via PEP 723 inline metadata and resolved through a secure package manager (uv). This follows modern security best practices for script-based dependency resolution.
- [DATA_EXFILTRATION]: No unauthorized network operations or access to sensitive local configuration files (~/.ssh, ~/.aws, etc.) were detected. The skill focuses exclusively on local file processing.
- [PROMPT_INJECTION]: The instructions in forms.md use strong instructional language (e.g., 'CRITICAL: You MUST complete these steps') to enforce accuracy and validation during form-filling tasks. These are guardrails for agent reliability rather than attempts to bypass safety filters.
- [DYNAMIC_EXECUTION]: A localized monkeypatch is present in 'scripts/fill_fillable_fields.py' to resolve a known bug in the pypdf library regarding selection lists. This modification is transparent, well-commented, and poses no security risk.
Audit Metadata