Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function of extracting text from untrusted external PDF files creates a surface for indirect prompt injection.
  - Ingestion points: Content is read from PDF files using scripts such as `scripts/extract_form_structure.py` and `scripts/extract_form_field_info.py`.
  - Boundary markers: No explicit delimiters or instructions are used to ensure the agent ignores malicious instructions embedded within extracted text.
  - Capability inventory: The skill allows for file writing and the execution of system-level PDF processing utilities.
  - Sanitization: Extracted text is not sanitized before being returned to the agent's context.
- [COMMAND_EXECUTION]: The skill provides instructions for and utilizes several external command-line utilities.
  - Evidence: Instructions are provided for `qpdf`, `pdftotext`, `pdftk`, and `magick` (ImageMagick) to perform various PDF and image processing tasks. Additionally, `scripts/fill_fillable_fields.py` performs a runtime monkeypatch on the `pypdf` library's `DictionaryObject.get_inherited` method to adjust metadata inheritance logic.
Audit Metadata