Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and utilizes several command-line utilities, such as qpdf, pdftotext, pdftk, and magick (ImageMagick), for advanced PDF manipulation and image processing tasks.
- [DYNAMIC_EXECUTION]: Within scripts/fill_fillable_fields.py, the skill employs monkey-patching to modify the pypdf library's DictionaryObject.get_inherited method at runtime. This modification specifically addresses a behavior in how Choice field options are inherited, ensuring accurate form-filling functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves processing untrusted external PDF documents, which represents a potential surface for indirect prompt injection. 1. Ingestion points: External PDF content is ingested through pypdf and pdfplumber in SKILL.md and various supporting scripts (e.g., scripts/extract_form_field_info.py). 2. Boundary markers: There are no explicit delimiters or boundary markers defined in the extraction logic to separate extracted document content from instructions. 3. Capability inventory: The skill has access to file system write operations (PDF, JSON, PNG, XLSX) and can execute shell commands via subprocesses. 4. Sanitization: The scripts extract and present document content (text and metadata) to the agent without visible sanitization or filtering of potential malicious instructions embedded in the PDF data.
Audit Metadata