Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. Evidence Chain: 1. Ingestion points: Text is extracted from PDF files in SKILL.md and through scripts like extract_form_structure.py. 2. Boundary markers: No delimiters are used to wrap or isolate extracted text from the agent's instructions. 3. Capability inventory: The skill can write files, execute PDF utility binaries, and perform OCR. 4. Sanitization: Extracted PDF content is not sanitized before processing.
- COMMAND_EXECUTION (SAFE): The skill documentation provides examples for using legitimate PDF utilities such as qpdf and pdftk. These are standard tools and no malicious command patterns were detected.
- EXTERNAL_DOWNLOADS (LOW): The skill suggests the installation of well-known libraries like pytesseract and pdf2image. This finding is downgraded to LOW because the skill author is a trusted organization.
Audit Metadata