Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation and scripts utilize external command-line utilities such as qpdf, pdftotext, and pdftk for PDF manipulation.
- [EXTERNAL_DOWNLOADS]: The instructions direct the user to install several well-known third-party Python packages, including pypdf, pdfplumber, and reportlab.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes content from untrusted PDF files. Ingestion points: Data is extracted from PDFs using pypdf and pdfplumber in scripts/extract_form_field_info.py and scripts/check_fillable_fields.py. Boundary markers: The agent is not provided with delimiters or instructions to ignore commands within the extracted PDF text. Capability inventory: The skill can read/write files and execute CLI tools. Sanitization: There is no sanitization of the text extracted from documents.
- [PROMPT_INJECTION]: Misleading metadata is present in the LICENSE.txt file and script headers, which claim copyright by 'Anthropic, PBC', contradicting the provided author identity 'johnkmcleod9'.
Audit Metadata