pdftk-server

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The file references/download.md contains instructions to download source code from an untrusted external domain (https://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/pdftk-2.02-src.zip). This domain is not included in the Trusted External Sources list.
  • REMOTE_CODE_EXECUTION (HIGH): The download instructions in references/download.md are followed by commands to compile the software using 'make'. This executes instructions contained within the downloaded source package, representing a remote code execution risk.
  • COMMAND_EXECUTION (HIGH): Installation procedures in SKILL.md and references/download.md suggest using 'sudo' with package managers (e.g., 'sudo apt-get install pdftk'), which constitutes a privilege escalation finding.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data enters the agent context via 'dump_data', 'dump_data_fields', or 'unpack_files' (specified in references/pdftk-man-page.md) which extract metadata and attachments from external PDF files.
      • Boundary markers: The skill lacks explicit instructions or delimiters to isolate data extracted from PDFs, potentially allowing embedded instructions to override agent behavior.
      • Capability inventory: The skill possesses the capability to execute system commands, write files to disk, and extract embedded attachments.
      • Sanitization: There is no evidence of sanitization or validation of the content extracted from PDF documents before it is processed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:13 PM