Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF documents which could potentially contain malicious instructions.
  * Ingestion points: `scripts/extract_form_field_info.py`, `scripts/check_fillable_fields.py`, and `SKILL.md`.
  * Boundary markers: None identified; the skill directly extracts and processes text content.
  * Capability inventory: File system access (read/write) and execution of system commands (`qpdf`, `pdftotext`).
  * Sanitization: No sanitization or validation of extracted text is performed before it enters the model context.
- [DYNAMIC_EXECUTION]: The script `scripts/fill_fillable_fields.py` implements a runtime monkeypatch of the `pypdf` library's `DictionaryObject.get_inherited` method to correct a known bug in selection list handling.
- [COMMAND_EXECUTION]: The skill documentation and scripts facilitate the execution of several PDF utility commands, including `qpdf`, `pdftotext`, `pdftk`, and `pdftoppm` for document manipulation and rendering.
Audit Metadata