pdf-translator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes text extracted from untrusted PDF documents without protective delimiters.
- Ingestion points: Text is ingested from external files via the
scripts/extract_text.pyscript. - Boundary markers: No explicit delimiters (such as XML tags or unique markers) are used to wrap the extracted text, increasing the risk that instructions embedded in a PDF could be obeyed by the agent.
- Capability inventory: The skill includes scripts for both reading from the file system (
extract_text.py) and writing to it (generate_md.py), creating a potential path for file-based exploits if an injection occurs. - Sanitization: The skill lacks content validation or sanitization routines to identify or neutralize malicious instructions in the document text.
Audit Metadata