Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerability to Indirect Prompt Injection via processing of untrusted PDF files.
  - Ingestion points: scripts/check_fillable_fields.py, scripts/extract_form_field_info.py, scripts/fill_fillable_fields.py, and scripts/fill_pdf_form_with_annotations.py ingest external PDF data.
  - Boundary markers: None. Content extracted from PDFs is processed without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: Extensive file writing (PDF and image generation) and suggested execution of system-level utilities.
  - Sanitization: None. The skill relies on the integrity of ingested PDF structures.
- COMMAND_EXECUTION (LOW): Documentation suggests the use of various external CLI tools.
  - Evidence: SKILL.md references pdftotext, qpdf, pdftk, and pdfimages.
- Dynamic Execution (MEDIUM): Runtime monkeypatching of the pypdf library.
  - Evidence: scripts/fill_fillable_fields.py contains monkeypatch_pydpf_method which overrides pypdf.generic.DictionaryObject.get_inherited at runtime to bypass a library bug.
Recommendations
- AI detected serious security threats
Audit Metadata