pdf-form-fill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface by processing data from external sources and inserting it into PDF forms.\n
- Ingestion points: Employee identity data (names, identification numbers) is retrieved from a database via Prisma based on user-supplied IDs (SKILL.md).\n
- Boundary markers: The skill does not use specific markers or instructions to isolate the data from potential instructions that could be embedded within the database fields.\n
- Capability inventory: The skill possesses capabilities for reading local template files (
fs.readFileSync), database interaction (prisma), and network-based file storage (uploadBufferToGCS) in SKILL.md.\n - Sanitization: There is no evidence of sanitization or structural validation performed on the retrieved text content before it is passed to
setText()in the document generation process.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages highly sensitive PII, including National ID numbers (DNI) and Social Security Numbers (NSS). This access is consistent with the skill's primary purpose of completing official government and employment forms.\n- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill depends on thepdf-libandprismapackages. These are well-known, legitimate libraries for PDF manipulation and database management respectively.
Audit Metadata