pdf-extraction
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted PDF data which presents a surface for indirect prompt injection. 1. Ingestion points: PDF documents are loaded via
pdfplumber.open()in several examples within SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are included for the extracted content. 3. Capability inventory: The skill includes file reading and file writing capabilities (e.g.,df.to_excelandim.save). 4. Sanitization: No sanitization or filtering is performed on the extracted data before it is processed or returned. - [EXTERNAL_DOWNLOADS]: The documentation recommends installing standard, well-known libraries including
pdfplumberandPillowfrom official package registries.
Audit Metadata