Skills
skills/frankxai/arcanea/pdf/Gen Agent Trust Hub

pdf

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files that could contain malicious instructions designed to influence the agent.\n
  • Ingestion points: PDFs are processed by scripts/extract_form_field_info.py, scripts/check_fillable_fields.py, and referenced in SKILL.md via pypdf and pdfplumber.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded content are used when extracting text for the agent.\n
  • Capability inventory: The skill can execute various subprocesses (e.g., qpdf, pdftotext, pdftk) and has extensive read/write access to the local file system.\n
  • Sanitization: Extracted content is passed to the agent without sanitization or filtering.\n- [DYNAMIC_EXECUTION]: The script scripts/fill_fillable_fields.py modifies the behavior of the pypdf library at runtime.\n
  • Evidence: The monkeypatch_pydpf_method function replaces pypdf.generic.DictionaryObject.get_inherited with a custom implementation to address a bug in the library's handling of selection lists.\n- [COMMAND_EXECUTION]: The skill relies on several external command-line utilities for core functionality.\n
  • Evidence: SKILL.md and reference.md instruct the agent to use qpdf, pdftotext, pdfimages, pdftoppm, and pdftk for tasks like merging, splitting, and text extraction.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 10:52 AM