Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions in `SKILL.md` to run `sudo apt-get install -y poppler-utils`, which involves the use of administrative privileges.
- [COMMAND_EXECUTION]: The skill utilizes the `pdftoppm` system command for rendering PDF documents into images, which represents a subprocess execution capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it is designed to ingest and process content from untrusted PDF files.
  - Ingestion points: External data enters the agent context via PDF text extraction (`pdfplumber`, `pypdf`) and visual rendering (`pdftoppm`).
  - Boundary markers: There are no delimiters or specific instructions to the agent to treat PDF content as untrusted data or to ignore embedded commands.
  - Capability inventory: The skill possesses capabilities for file system modification, command execution via `pdftoppm`, and privileged software installation.
  - Sanitization: The skill lacks logic to sanitize or validate PDF content or metadata before it is processed or displayed.
- [EXTERNAL_DOWNLOADS]: The skill relies on well-known Python packages (`reportlab`, `pdfplumber`, `pypdf`) and system utilities from trusted official repositories.
Audit Metadata