Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted PDF files (via
extract_form_field_info.pyandextract_form_structure.py) which may contain instructions intended to manipulate agent behavior. Ingestion points: Reads PDF data and labels. Boundary markers: Absent. Capability inventory: File reading, writing, and image generation. Sanitization: Relies on standard library parsing without explicit content filtering. - [Dynamic Execution] (LOW): The script
fill_fillable_fields.pyperforms a runtime monkeypatch of thepypdflibrary'sget_inheritedmethod. This is a dynamic modification of library logic used to ensure compatibility with specific PDF form structures and does not execute arbitrary user input.
Audit Metadata