Chat with PDF

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from external PDF files, creating a surface for indirect prompt injection where instructions embedded in a document could attempt to influence agent behavior.
      • Ingestion points: Data is ingested through text and metadata extraction from PDF files via the 'office-mcp' server tools.
      • Boundary markers: The skill instructions do not define specific delimiters or instructions to ignore embedded commands within the extracted PDF text.
      • Capability inventory: The skill is restricted to reading document content and lacks capabilities to write files, execute shell commands, or perform network requests.
      • Sanitization: No explicit sanitization or filtering of the extracted document content is mentioned in the skill definition.
  • [SAFE]: No other security issues such as hardcoded credentials, malicious downloads, or unauthorized privilege escalation attempts were detected in the skill's instructions or metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:18 AM