oma-pdf
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
uvxto dynamically fetch and execute Python packages, specificallyopendataloader-pdf,opendataloader-pdf-hybrid, andmdformat. - [REMOTE_CODE_EXECUTION]: The execution protocol provides instructions for installing the
uvpackage manager via a piped shell script from the officialastral.shdomain. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests data from external PDF files and subsequently reads that content into the agent's active context.
- Ingestion points: Identified in
execution-protocol.md(Steps 2 and 4), where converted PDF content is processed and read by the agent. - Boundary markers: Absent. The skill does not specify the use of delimiters or instructions to ignore potential commands embedded within the PDF content.
- Capability inventory: The agent has the ability to execute shell commands (via
uvx) and perform file system read/write operations. - Sanitization: Absent. There is no evidence of content filtering or escaping before the converted text is presented to the agent.
Audit Metadata