pdf-splitter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill instructs the agent to install the pypdf or PyPDF2 libraries from the Python Package Index (PyPI). While these are trusted packages, the skill does not specify a version, which is a minor best-practice violation.
- [Command Execution] (SAFE): The skill uses the Bash tool to execute dynamically generated Python scripts for PDF manipulation. This behavior is downgraded to SAFE because it is the primary intended function of the skill and relies on local templates.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user data, specifically file paths and page ranges, which are interpolated into scripts.
  - Ingestion points: User-provided file paths and page range strings (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: File system access via Read/Write and execution via the Bash tool.
  - Sanitization: Absent; there are no instructions to sanitize or escape shell characters in user-provided strings.
Audit Metadata