pdf-transcribe

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted PDF documents by rendering them into images for transcription, which presents a surface for indirect prompt injection. (Ingestion points: PDF files are rendered into images via scripts/render_pages.sh. Boundary markers: The output is structured with headers, but lacks specific data delimiters. Capability inventory: Shell command execution, file read/write, and file renaming. Sanitization: No sanitization of transcribed text.)
  • [EXTERNAL_DOWNLOADS]: The skill manages the installation of the pymupdf library. (Evidence: SKILL.md and scripts/add_page_numbers.py describe and execute pip3 install commands for the pymupdf package.)
  • [COMMAND_EXECUTION]: The skill invokes system utilities for document processing and maintenance. (Evidence: Use of pdftoppm for image rendering, ImageMagick convert for PDF modification, and rm -rf for directory cleanup with pattern-based safety checks.)
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 10:22 AM