Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing widely-used Python packages like
reportlab,pdfplumber, andpypdffrom public registries. It also references system-level utilities likepoppler-utilsfrom official repositories (Homebrew, Ubuntu/Debian). - [COMMAND_EXECUTION]: It utilizes the
pdftoppmcommand-line tool to convert PDF pages into images for review. The use ofsudois mentioned specifically in the context of installing standard system dependencies from official repositories. - [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection as the skill is designed to handle external PDF documents which may contain malicious instructions. Visual inspection of rendered images is mandated in the workflow as a key mitigation strategy.
- Ingestion points: PDF files provided for reading or review as described in
SKILL.md. - Boundary markers: No specific delimiters or safety instructions are defined for the text extraction phase.
- Capability inventory: The skill uses
pdftoppmfor rendering and various Python libraries for data extraction and document creation. - Sanitization: The workflow mandates rendering pages to PNGs for visual inspection to verify content and layout before final delivery.
Audit Metadata