Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PRIVILEGE_ESCALATION]: The skill instructs the agent to use `sudo apt-get install` to install system-level dependencies (poppler-utils), which requires administrative privileges and could be exploited if the command is modified.
- [REMOTE_CODE_EXECUTION]: The skill performs installation of external Python packages (`reportlab`, `pdfplumber`, `pypdf`) and system tools during its workflow. While these are well-known packages, the action of installing external software involves fetching and executing code from remote registries.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external PDF files, which represents an attack surface for indirect prompt injection.
  - Ingestion points: PDF files are read for text extraction and visual rendering (SKILL.md).
  - Boundary markers: Absent. There are no instructions to use delimiters or to ignore instructions embedded within the PDF content.
  - Capability inventory: The skill has the ability to execute shell commands (`pdftoppm`) and perform file system writes (SKILL.md).
  - Sanitization: Absent. There is no mention of sanitizing, escaping, or validating the content extracted from the PDF files before the agent processes it.
Recommendations
- AI detected serious security threats
Audit Metadata