Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted PDF files. Ingestion points include scripts in the scripts/ directory (e.g., extract_form_field_info.py, fill_fillable_fields.py) that read external PDF files using the pypdf and pdfplumber libraries. There are no explicit boundary markers or sanitization steps to prevent the agent from following instructions potentially embedded within the PDF data. The skill possesses file-write capabilities which could be targeted by such an injection.
- [COMMAND_EXECUTION]: The skill includes several Python scripts and instructions for using CLI tools like qpdf and pdftotext to process documents. The script scripts/fill_fillable_fields.py also performs a runtime monkeypatch of the pypdf library to modify its behavior for specific field types, which is a form of dynamic logic modification within the execution flow.
Audit Metadata