Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script
scripts/fill_fillable_fields.pyimplements a monkeypatch for thepypdflibrary to correct a bug in handling selection list fields. This runtime modification of library behavior is a functional requirement for the skill's primary purpose. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF documents, creating an attack surface where instructions embedded in documents could influence the agent's behavior. 1. Ingestion points: PDF files are parsed by multiple scripts including
extract_form_field_info.pyandfill_fillable_fields.py. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded content are implemented. 3. Capability inventory: The skill has file system write access and utilizes external command-line utilities. 4. Sanitization: No sanitization of text extracted from document fields is performed. - [PROMPT_INJECTION]: The
forms.mdfile utilizes strong instructional keywords such as 'CRITICAL' and 'MUST' to enforce a strict multi-step workflow. While these match detection patterns for injection, they serve a legitimate procedural purpose to ensure document integrity during complex operations.
Audit Metadata