pdf-to-markdown
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or hidden code were detected. The skill performs standard document conversion tasks using established libraries.
- [COMMAND_EXECUTION]: The skill provides a CLI through scripts/convert.cjs, which is intended to be executed via Node.js for processing PDF files.
- [EXTERNAL_DOWNLOADS]: The project requires standard NPM dependencies including @opendocsg/pdf2md, pdfjs-dist, and tesseract.js. These are well-known packages for document processing.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted PDF data.
  1. Ingestion point: scripts/lib/converter.cjs reads user-supplied PDF files.
  2. Boundary markers: None are applied to the converted Markdown output.
  3. Capability inventory: The skill has local file-write permissions to save conversion results.
  4. Sanitization: No sanitization is performed on the extracted text. An attacker could craft a PDF with instructions to influence the agent when it later processes the Markdown.