Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted user PDF files. Evidence: 1. Ingestion: PDF files in extraction and filling scripts. 2. Boundary markers: None. 3. Capability: Read/write access to local files. 4. Sanitization: None.
- Command Execution (LOW): SKILL.md provides documentation for the agent to use command-line utilities such as pdftotext, qpdf, and pdftk.
- Dynamic Execution (LOW): scripts/fill_fillable_fields.py implements a runtime monkeypatch for pypdf.generic.DictionaryObject.get_inherited to fix an upstream bug (Category 10).
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill depends on several external Python libraries (pypdf, pdfplumber, etc.) without specifying versions (Category 4). Downgraded due to trusted author status.
Audit Metadata