Chat with PDF
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill contains no executable scripts or code files, consisting only of documentation and metadata configuration.
- [SAFE]: The tools used (extract_text_from_pdf, get_pdf_metadata) belong to a vendor-consistent MCP server ('office-mcp'), which aligns with the author's identity.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted PDF documents. Evidence Chain:
  1. Ingestion points: PDF text and metadata via MCP tools.
  2. Boundary markers: None defined in the skill body to isolate external content.
  3. Capability inventory: Limited to text and metadata extraction.
  4. Sanitization: No validation or sanitization of extracted document content is specified.
Audit Metadata