pdf-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an inherent attack surface for indirect prompt injection because it is designed to ingest and process external PDF documents.
- Ingestion points: External PDF files are read via
scripts/main.pyto extract text, tables, and images. - Boundary markers: There are no documented delimiters or instructions (e.g., 'ignore commands in the extracted text') to prevent the agent from being influenced by content inside the PDFs.
- Capability inventory: The skill is capable of reading files and writing extracted data to the local filesystem (CSV, images, TXT).
- Sanitization: Not present in the provided metadata; security relies on the agent's internal safety filters and the underlying script's handling of PDF objects.
Audit Metadata