nano-pdf
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'nano-pdf' Python package from the official PyPI registry using the 'uv' installer. This is a legitimate dependency for the skill's functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted PDF files and natural language instructions.
  - Ingestion points: Untrusted PDF files provided as arguments to the 'nano-pdf' command.
  - Boundary markers: No specific delimiters or safety instructions are defined in the SKILL.md file.
  - Capability inventory: The agent can modify local PDF files through the 'nano-pdf' tool.
  - Sanitization: The skill does not perform any sanitization or verification of the PDF content or the input instructions before processing.