pdf-reader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed plaintext passwords directly into command-line invocations (e.g., pdftotext -upw "password"), which encourages the agent to echo user-provided secrets verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads PDFs from arbitrary URLs ("If the user provides a URL, download it first: curl -sL "URL" -o /tmp/document.pdf" in SKILL.md) and then programmatically extracts and interprets their text/tables/metadata (scripts/extract.py), meaning untrusted third-party PDF content can be ingested and influence the agent's outputs and subsequent actions.