pdf

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [External Downloads] (LOW): Skill references common libraries including pypdf, pdfplumber, reportlab, pandas, and pytesseract. Severity is downgraded to LOW per [TRUST-SCOPE-RULE] because the source 'anthropics/skills' is a Trusted External Source.
  • [Command Execution] (LOW): Provides bash examples for qpdf and pdftotext, which are standard utilities for PDF processing.
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process untrusted external data from PDF files, creating an attack surface for indirect prompt injection.
      * Ingestion points: PdfReader() and pdfplumber.open() calls in SKILL.md.
      * Boundary markers: None present in code snippets to delimit extracted text from instructions.
      * Capability inventory: File system writing (writer.write()) and subprocess execution (qpdf/pdftotext).
      * Sanitization: No sanitization or validation of extracted text is demonstrated before potential use in downstream agent tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:37 AM