pdf

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted PDF documents, extract their content (text, fields, and images), and present this data to the agent to guide form-filling tasks as described in forms.md.
      • Ingestion points: scripts/extract_form_field_info.py (reads PDF fields/metadata) and scripts/convert_pdf_to_images.py (renders PDF pages for visual analysis).
      • Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore potentially malicious text embedded within the processed PDF data.
      • Capability inventory: The skill has extensive file-write capabilities via pypdf, reportlab, and PIL, and it executes subprocesses for PDF command-line utilities.
      • Sanitization: Absent. Data from the PDF is processed and used directly in decision-making logic.
  • [Dynamic Execution] (MEDIUM): The script scripts/fill_fillable_fields.py contains a monkeypatch_pydpf_method() function that modifies the pypdf.generic.DictionaryObject.get_inherited method at runtime. While intended as a bug workaround, runtime patching of library internals is a high-risk pattern that can lead to unstable or insecure behavior if applied incorrectly.
  • [Command Execution] (LOW): The skill documentation and forms.md frequently direct the agent to execute local Python scripts and standard PDF utilities like qpdf, pdftotext, and pdftk. While these are used for their intended PDF processing purposes, they represent a significant local execution surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 11:58 AM