sophnet-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script `scripts/upload_file.sh` facilitates the upload of generated PDF files to a remote storage service using the `sophnet-tools` vendor package. While this is the intended delivery mechanism, it represents a network-based data transfer capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and extracting text from untrusted PDF files.
  - Ingestion points: Untrusted data is ingested through `scripts/extract_pdf_content.py`, `scripts/extract_form_structure.py`, and `scripts/extract_form_field_info.py`, which parse user-provided PDF documents.
  - Boundary markers: The skill does not implement delimiters or 'ignore' instructions when presenting extracted text from PDFs to the agent.
  - Capability inventory: Across its scripts, the skill can perform network operations (via `scripts/upload_file.sh`), execute subprocesses (via `uv run`), and write files to the local filesystem.
  - Sanitization: There is no evidence of sanitization or filtering of extracted PDF content before it is processed by the agent.