The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from PDF files through text extraction and OCR.
Ingestion points: External PDF data is ingested via pypdf, pdfplumber, and pytesseract across multiple scripts including extract_form_structure.py and convert_pdf_to_images.py.
Boundary markers: The instructions do not specify any boundary markers or ignore-instructions delimiters for the extracted text.
Capability inventory: The skill possesses capabilities for local file writing (open, PdfWriter), command-line execution (qpdf, magick, pdftotext), and image manipulation.
Sanitization: No sanitization or validation of the extracted PDF text is performed before it is presented to the agent context.
[COMMAND_EXECUTION]: The skill uses localized dynamic code execution and external utilities.
The script scripts/fill_fillable_fields.py performs runtime monkeypatching of the pypdf library (DictionaryObject.get_inherited) to ensure compatibility with specific PDF form structures.
The skill documentation instructs the agent to execute several standard command-line tools such as qpdf, pdftotext, pdfimages, and magick for PDF and image processing tasks.
[EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference several well-known libraries from official registries.
Python dependencies: pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pypdfium2, pandas, and Pillow.
Node.js dependencies: pdf-lib and pdfjs-dist.
These references target established, reputable software packages and do not represent a supply chain risk.

pdf