pdf-extraction

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an ingestion surface for indirect prompt injection by reading data from external PDF documents. A maliciously designed PDF could contain text that tricks the agent into performing unintended actions once the content is extracted and processed.
      • Ingestion points: The skill uses pdfplumber.open() to access external files.
      • Boundary markers: No delimiters or specific 'ignore' instructions are implemented to isolate extracted text from the agent's core logic.
      • Capability inventory: The skill includes code for reading files, saving extracted data to Excel (df.to_excel), and saving images (im.save).
      • Sanitization: There is no evidence of validation or sanitization of the data extracted from the PDF files.
  • [COMMAND_EXECUTION]: The skill generates and executes Python code snippets based on the provided library knowledge and user input. While the generated code is intended for PDF extraction, the use of dynamic code execution based on processed data represents a significant capability.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:18 AM