summarize-pdf-aloud

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from local PDF files.
      • Ingestion points: Text is extracted from PDF documents using the pdftotext utility as described in the Procedure section of SKILL.md.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt template when processing extracted text.
      • Capability inventory: The skill has the capability to execute shell commands (ls, mdfind, pdftotext, say).
      • Sanitization: There is no evidence of sanitization or filtering applied to the extracted text or the generated summary before further processing.
  • [COMMAND_EXECUTION]: The skill uses the shell command say "{{summary_text}}" to read the LLM-generated summary aloud. This pattern is risky because if an attacker-controlled PDF triggers the LLM to include shell metacharacters (such as backticks, semicolons, or command substitutions) in the summary, it could lead to arbitrary command execution on the host system.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:31 AM