pdf-to-images
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The script
scripts/pdf_to_images.pyexecutes themagickorconvertbinaries usingsubprocess.run. It correctly passes arguments as a list rather than a shell string, effectively mitigating shell-level command injection risks. - [Privilege Escalation] (MEDIUM): The
SKILL.mddocumentation provides an instruction for users to execute asudo sedcommand to modify the host's ImageMagick security policy (/etc/ImageMagick-*/policy.xml). This change relaxes default security constraints to allow PDF processing, which can expose the system to known historical vulnerabilities in ImageMagick's PDF parsing libraries. - [Indirect Prompt Injection] (LOW): The skill ingests untrusted PDF files which can serve as a vector for indirect prompt injection if the resulting images contain instructions that influence subsequent agent reasoning.
- Ingestion points: The
pdf_fileargument inscripts/pdf_to_images.pyused as input for conversion. - Boundary markers: Absent; no delimiters or "ignore instructions" warnings are applied to the processed data.
- Capability inventory: System command execution and file system read/write access.
- Sanitization: Basic validation is limited to checking the file existence and the
.pdfextension.
Audit Metadata