Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and scripts to use standard system utilities such as qpdf, pdftotext, pdftk, and ImageMagick for various PDF manipulation and image processing tasks.
- [EXTERNAL_DOWNLOADS]: The skill relies on well-known and widely used libraries including pypdf, pdfplumber, reportlab, and pdf-lib. It provides instructions for installing these dependencies via standard package managers.
- [DYNAMIC_EXECUTION]: In the scripts/fill_fillable_fields.py file, a runtime monkeypatch is applied to the pypdf library to correctly handle specific inherited form field attributes. This is a targeted technical implementation for library compatibility and does not execute untrusted external code.
- [INDIRECT_PROMPT_INJECTION]: The skill extracts text and metadata from untrusted PDF files. While this creates a data ingestion surface, the skill utilizes specialized parsing libraries and does not interpolate the extracted content into agent instructions in an unsafe manner.