pdf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext passwords and passphrases in code and command-line arguments (e.g., qpdf --password=mypassword and writer.encrypt("userpassword", "ownerpassword")), which encourages the agent to include secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill ingests and analyzes arbitrary user-supplied PDFs (see forms.md and scripts such as scripts/extract_form_field_info.py, scripts/convert_pdf_to_images.py, and scripts/fill_pdf_form_with_annotations.py), so the agent is expected to read/interpret untrusted third‑party content provided at runtime.