Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill processes untrusted PDF data through text extraction and form field parsing, creating a surface for indirect prompt injection. * Ingestion points: scripts/extract_form_field_info.py reads metadata; SKILL.md examples extract text and tables. * Boundary markers: No specific delimiters or instructions to ignore embedded commands are present. * Capability inventory: Capability to write files and execute command-line tools like qpdf and pdftk. * Sanitization: No sanitization of extracted content is performed.
- Dynamic Execution (LOW): scripts/fill_fillable_fields.py implements a runtime monkeypatch to modify pypdf library behavior. * Evidence: Overrides DictionaryObject.get_inherited to resolve a list-joining bug. * Context: Targeted workaround for a known library issue, not executing code from untrusted sources.
- Command Execution (SAFE): Documentation for using standard system utilities like qpdf, pdftk, and poppler-utils for PDF processing tasks.
Audit Metadata