pdf-text-replace
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from PDF form fields. If a PDF contains malicious instructions in its fields, the agent might be influenced when it reads the script's output logs.
- Ingestion points: scripts/replace_text_in_pdf.py via PdfReader.
- Boundary markers: Absent; field values are printed directly to the console.
- Capability inventory: File system write access via PdfWriter.write.
- Sanitization: No sanitization or validation of the text content extracted from the PDF fields.
Audit Metadata