The Agent Skills Directory

[Dynamic Execution] (LOW): The script scripts/fill_fillable_fields.py performs a monkeypatch on the pypdf library to modify DictionaryObject.get_inherited. While this is a dynamic modification of library behavior at runtime, it is purpose-built to ensure correct handling of choice options in PDF forms.
[External Downloads] (LOW): The skill documentation recommends installing pytesseract and pdf2image. Per the trust-scope-rule, these findings are downgraded as the packages are well-known and the skill originates from a trusted organization (Anthropic).
[Indirect Prompt Injection] (LOW): The skill extracts text and metadata from untrusted PDF files, which presents a surface for indirect prompt injection. Ingestion points: scripts/extract_form_structure.py and scripts/extract_form_field_info.py. Boundary markers: None identified. Capability inventory: The skill can create/modify files and provides instructions for executing command-line utilities. Sanitization: Extracted text is passed to the agent without sanitization.
[Command Execution] (LOW): Documentation in SKILL.md describes how to use shell tools like qpdf and pdftotext. While these are standard tools, the agent should sanitize user-provided filenames before execution to prevent command injection.

pdf