The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes untrusted PDF data which serves as a potential vector for indirect prompt injection attacks (Category 8).
Ingestion points: Multiple scripts, including extract_form_field_info.py, extract_form_structure.py, and fill_fillable_fields.py, ingest data from external PDF files using pypdf.PdfReader and pdfplumber.open.
Boundary markers: Absent. There are no delimiters or explicit instructions to the agent to ignore instructions embedded within the PDF content during extraction.
Capability inventory: The skill includes extensive capabilities for file modification, form filling, and OCR, as well as documentation for executing powerful command-line PDF utilities.
Sanitization: Content extracted from PDF files is not sanitized before being returned to the agent or written to other files.
[Dynamic Execution] (LOW): The script scripts/fill_fillable_fields.py utilizes dynamic monkeypatching to modify the behavior of an external library at runtime.
Evidence: The function monkeypatch_pydpf_method overwrites DictionaryObject.get_inherited within the pypdf library to resolve a specific field inheritance issue. This is a legitimate compatibility fix but uses a dynamic code modification pattern.
[Command Execution] (SAFE): SKILL.md provides instructions for using CLI tools such as qpdf, pdftk, and pdftotext. These are provided as user documentation and are not executed automatically or unsafely by the Python scripts.

pdf