pdf-manipulation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several standard command-line utilities including
pdftk,qpdf,ghostscript, andpoppler-utilsto perform document operations. This matches the stated purpose of the skill. - [EXTERNAL_DOWNLOADS]: The documentation includes standard installation commands for system-level dependencies using
apt-getandHomebrew. It also references well-known packages from official registries, specificallypdf-libandpdf-parsefor Node.js, andPyPDF2andpypdffor Python. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external PDF files.
- Ingestion points: The skill reads untrusted data from PDF files during text extraction, metadata retrieval, and manipulation workflows (e.g.,
pdftotext,pdfinfo,PDFDocument.load). - Boundary markers: Absent. The provided agent prompt does not specify delimiters or include instructions for the agent to ignore potentially malicious commands embedded within the PDF content.
- Capability inventory: The skill possesses significant capabilities including file system read/write access and the execution of multiple subprocesses for PDF processing.
- Sanitization: Absent. There are no mechanisms described to sanitize or validate extracted text or metadata before it is presented to the agent's context.
Audit Metadata