pdf

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because its core functionality involves ingesting and processing content from untrusted PDF files (e.g., text, labels, and form structure extraction). Malicious instructions embedded in a PDF could potentially influence the agent's behavior during the automated form-filling or extraction workflows.
    • Ingestion Points: scripts/extract_form_structure.py, scripts/extract_form_field_info.py, and text extraction examples in SKILL.md.
    • Capability Inventory: Includes file writing via pypdf, and shell command execution using qpdf, pdftotext, and magick.
    • Boundary Markers: No delimiters or safety instructions are used when interpolating extracted PDF content into the agent's context.
    • Sanitization: No sanitization or validation of the extracted PDF text is performed.
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands for PDF manipulation (e.g., qpdf, pdftotext, pdfimages) and ImageMagick (magick) for visual analysis. Additionally, scripts/fill_fillable_fields.py contains a runtime monkeypatch of the pypdf library to fix inherited field logic, which represents a form of dynamic code modification for environment compatibility.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 05:08 PM