Skills
skills/kazukinagata/shinkoku/reading-invoice/Gen Agent Trust Hub

reading-invoice

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the shinkoku CLI tool to handle PDF files. It uses extract-text to pull data from text-based PDFs and to-image to convert scanned PDFs into PNG format for OCR processing. These commands are directly related to the skill's primary function of invoice digitization.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted content from external invoice files.
  • Ingestion points: Text extracted from PDF files via the shinkoku utility and image data processed through the Read tool.
  • Boundary markers: The skill defines structured output tags (---INVOICE_DATA---), but does not utilize specific delimiters or defensive instructions to isolate untrusted input content during the analysis phase.
  • Capability inventory: Subprocess execution (shinkoku), file system traversal (Glob), and file reading (Read).
  • Sanitization: No explicit sanitization, filtering, or escaping logic is applied to the data extracted from invoices before it is interpreted by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:13 AM