ai-pdf-filler-cli
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute CLI commands using 'simplicity-cli'. It provides instructions for the agent to install the 'ai-pdf-filler' package from PyPI using 'uv' or 'pip' if the tool is missing. These operations are consistent with the skill's stated purpose and use vendor-owned resources.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of PDF forms and source materials from remote URLs provided by the user via the '--form-url' and '--source-url' flags.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingest data from external sources.
- Ingestion points: The agent reads content from local PDF files, remote URLs, and context strings provided by the user.
- Boundary markers: The skill lacks explicit instructions to treat the contents of the PDFs as untrusted data or to ignore any embedded natural language instructions within those documents.
- Capability inventory: The skill can execute shell commands, perform network operations, and write files to the local system.
- Sanitization: There is no evidence of content sanitization or validation of the internal data of the PDFs before they are processed by the tool.
Audit Metadata