skills/eoash/ash-skills/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION · REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and interprets content (text and images) from untrusted PDF files to determine form layouts.
      • Ingestion points: PDF content is ingested and processed in scripts/extract_form_field_info.py, scripts/extract_form_structure.py, and scripts/convert_pdf_to_images.py.
      • Boundary markers: There are no explicit delimiters or safety instructions provided to the agent to distinguish between its own logic and instructions that might be embedded in the PDF data.
      • Capability inventory: The skill utilizes subprocesses to execute system commands and has the ability to read/write files.
      • Sanitization: No sanitization, filtering, or validation is performed on the extracted text before it is presented to the agent for analysis.
  • [COMMAND_EXECUTION]: The skill relies on several external command-line utilities for document manipulation and image processing.
      • Evidence: SKILL.md and forms.md instruct the agent to use tools such as qpdf, pdftotext, pdftk, and magick (ImageMagick) to merge, split, crop, and OCR PDF files.
  • [REMOTE_CODE_EXECUTION]: The skill employs dynamic code modification techniques to adjust the behavior of its dependencies.
      • Evidence: scripts/fill_fillable_fields.py contains a monkeypatch_pydpf_method function that redefines the get_inherited method of the pypdf.generic.DictionaryObject class at runtime.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 03:24 PM