Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via PDF content. The instructions in forms.md require the agent to analyze visual representations (images) of PDF pages to identify and process form fields. This phase is vulnerable to instructions embedded by an attacker within the document text or layout.
  - Ingestion points: PDFs are processed and converted to images for analysis in scripts/convert_pdf_to_images.py.
  - Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish document content from system instructions.
  - Capability inventory: The skill allows for significant file operations and reasoning tasks based on processed data.
  - Sanitization: There is no mechanism to sanitize or validate the content extracted from the PDF before agent analysis.
- [COMMAND_EXECUTION]: The skill's documentation (SKILL.md, reference.md) promotes the use of CLI utilities such as qpdf, pdftotext, and pdftk. This exposes the agent to shell command execution risks when handling user-supplied file paths or parameters.
Audit Metadata