Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of helper scripts and documentation for legitimate PDF processing tasks. All provided code uses well-established libraries and performs operations locally on user-provided files.
- [COMMAND_EXECUTION]: The documentation describes the use of standard command-line utilities such as qpdf and poppler-utils. These tools are used for their intended document processing functions and do not incorporate untrusted input into shell commands in a way that suggests injection risks.
- [EXTERNAL_DOWNLOADS]: The skill references several common Python and Node.js packages (e.g., pypdf, pdf-lib, pdfjs-dist) from official registries. These are documented neutrally as necessary dependencies for the skill's PDF manipulation features.
- [PROMPT_INJECTION]: The skill facilitates the extraction of text from PDF documents, which represents an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted PDF content is read via pypdf, pdfplumber, and pdftotext in various scripts and documentation examples.
  - Boundary markers: The skill does not implement specific delimiters or instructions to ignore potential commands embedded within the extracted PDF text.
  - Capability inventory: The agent possesses capabilities to write files (PdfWriter), execute local scripts, and run command-line tools.
  - Sanitization: The extracted text is not sanitized or validated for malicious instructions before being presented to the agent.