Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the extraction of text and metadata from user-provided PDF files, creating a potential vector for indirect prompt injection where malicious content within a PDF could influence the agent's behavior.
- Ingestion points: Text extraction via
pypdfandpdfplumberinSKILL.md, and OCR extraction viapytesseractinREFERENCE.md. - Boundary markers: The provided scripts and code snippets do not implement specific boundary markers or 'ignore' instructions to isolate extracted document content from system prompts.
- Capability inventory: The skill includes the ability to write files to the disk and execute various command-line PDF processing utilities.
- Sanitization: There is no evidence of sanitization or content filtering on the text data extracted from external PDF files.
- [COMMAND_EXECUTION]: The documentation and reference guides provide instructions and examples for executing standard command-line tools for PDF operations, including
qpdf,pdftotext, andpdfimages. - [EXTERNAL_DOWNLOADS]: The skill references several well-known and standard third-party libraries for document processing (e.g.,
reportlab,pypdfium2,pdf-lib) that are downloaded from official package registries.
Audit Metadata