pdf-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes 'deno run' to execute local scripts for document analysis and generation. It requests specific file system permissions (--allow-read, --allow-write) but correctly omits network access (--allow-net) and subprocess execution (--allow-run), effectively limiting the potential impact of script exploitation.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: 'analyze-template.ts' reads PDF files for text and metadata, and 'generate-from-template.ts' processes external templates. 2. Boundary markers: There are no instructions or delimiters defined to help the agent distinguish between its system instructions and content extracted from external PDFs. 3. Capability inventory: The skill has the ability to read from and write to the local file system. 4. Sanitization: No sanitization or validation of the extracted PDF text is mentioned in the documentation or provided script references.
Audit Metadata