oma-pdf
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'uvx' to execute 'opendataloader-pdf' and 'mdformat' at runtime. It also provides instructions to install the 'uv' package manager via a remote shell script from Astral's official domain. This is a standard installation method for a well-known developer tool.
- [PROMPT_INJECTION]: The skill processes untrusted PDF data, which is converted to Markdown and can be read back into the agent's context. This creates a surface for indirect prompt injection, where malicious instructions embedded in a PDF could attempt to influence the agent's behavior.
  - Ingestion points: PDF files processed in 'resources/execution-protocol.md'.
  - Boundary markers: Absent; there are no instructions to wrap the converted output in protective delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The skill can execute shell commands via 'uvx' and read/move files on the filesystem as described in 'resources/execution-protocol.md'.
  - Sanitization: No sanitization or content filtering is performed on the extracted text before it is presented to the agent.
Audit Metadata