pdf-beautifier
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The HTML template in `assets/template.html` loads fonts from `fonts.googleapis.com`. This is a trusted external source and is used strictly for styling purposes.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected (Category 8). The skill is designed to process untrusted user documents (PDF/Text) to generate styled HTML.
  - Ingestion points: User-provided document content entering the agent context via the beautification request.
  - Boundary markers: The skill relies on natural language instructions ('原文完整保留', i.e. "preserve the original text in full") to maintain content integrity but lacks structural or technical delimiters to isolate untrusted data.
  - Capability inventory: The agent performs structural identification (titles, lists) and generates complete HTML/CSS documents, which is a significant capability when combined with untrusted input.
  - Sanitization: No explicit sanitization or escaping of the user's input is mandated, which could theoretically allow malicious snippets within the source document to influence the agent's formatting logic or persist into the generated HTML output.