Skills
skills/flonat/claude-research/split-pdf/Gen Agent Trust Hub

split-pdf

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads PDF documents from the internet using curl, wget, or WebFetch based on web search results or user-provided links.
  • [COMMAND_EXECUTION]: Uses Bash to execute Python code for PDF processing and to manage Python dependencies, specifically installing PyPDF2 via uv.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via untrusted PDF data.
  • Ingestion points: The Read tool is used to process text from external PDF chunks in Step 3.
  • Boundary markers: There are no explicit delimiters or instructions to treat the ingested PDF text as untrusted data or to ignore instructions contained within that text.
  • Capability inventory: The agent possesses extensive capabilities including Bash (executing python, uv, curl, wget), Write, Edit, and WebSearch, which could be exploited if malicious instructions in a PDF are followed.
  • Sanitization: The skill does not perform any sanitization or validation of the text extracted from PDFs before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 07:17 PM