Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection vulnerability surface detected.
- Ingestion points:
scripts/extract_form_structure.py,scripts/extract_form_field_info.py, andpdfplumberexamples inSKILL.mdextract text and metadata from external PDF files which are untrusted. - Boundary markers: The provided scripts and examples do not implement delimiters or isolation techniques (such as XML tags or explicit instructions to ignore embedded content) when the agent processes the output of these scripts.
- Capability inventory: The skill possesses extensive file manipulation capabilities (read/write/create) across PDF, JSON, and image formats, and provides instructions for command-line tool execution.
- Sanitization: No filtering or sanitization of extracted strings is performed to mitigate instructions embedded in PDF text.
- [SAFE] (SAFE): Library usage and code quality are within standard practice. The skill utilizes reputable libraries like
pypdf,reportlab, andpdfplumber. The monkeypatch inscripts/fill_fillable_fields.pyis a targeted fix for library behavior regarding form field options and does not incorporate untrusted external input into the execution logic.
Audit Metadata