Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of processing untrusted PDF files.
  - Ingestion points: Untrusted PDF data is ingested through scripts like `extract_form_field_info.py` and `check_fillable_fields.py`.
  - Boundary markers: There are no explicit markers or instructions to isolate extracted PDF text from the agent's internal logic.
  - Capability inventory: The skill has the capability to write files (`fill_fillable_fields.py`) and manipulate images (`convert_pdf_to_images.py`).
  - Sanitization: No sanitization is performed on the extracted PDF content before it is processed by the agent.
- [COMMAND_EXECUTION]: The documentation provides instructions for using common command-line utilities for PDF processing, including `qpdf`, `pdftotext`, and `pdfimages`.
- [SAFE]: The script `scripts/fill_fillable_fields.py` includes a runtime monkeypatch for `pypdf.generic.DictionaryObject.get_inherited`. This modification is a specific workaround for a known bug in the `pypdf` library to ensure selection list fields in PDF forms are handled correctly.
Audit Metadata