PDF OCR Extraction
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external PDF files, which introduces a risk of indirect prompt injection. Instructions embedded in a document could be interpreted as commands after OCR processing.
  * Ingestion points: Untrusted PDF files provided for OCR.
  * Boundary markers: No delimiters or boundary instructions are defined in the documentation.
  * Capability inventory: The skill interacts with the office-mcp server for file processing.
  * Sanitization: No mechanisms for sanitizing or validating extracted text are specified.
  * Mitigation: Wrap extracted text in clear delimiters and instruct the agent to disregard any embedded instructions within that content.
- [NO_CODE]: The skill consists entirely of markdown documentation and YAML metadata. No scripts, binaries, or other executable code elements are included in the package.