skills/kcchien/skills/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill extracts text, tables, and metadata from untrusted PDF files using libraries like pypdf and pdfplumber. This content is a vector for indirect prompt injection.
      - Ingestion points: PDF data is read via pypdf.PdfReader and pdfplumber.open across SKILL.md and multiple utility scripts.
      - Boundary markers: The skill lacks delimiters or specific instructions to the agent to treat extracted document content as untrusted data.
      - Capability inventory: The skill can execute shell commands (qpdf, pdftotext, pdftk) and write files (writer.write, to_excel), which could be abused if an injection is successful.
      - Sanitization: No validation or sanitization of extracted content is performed.
  • [COMMAND_EXECUTION]: The script scripts/fill_fillable_fields.py uses monkeypatching to modify the pypdf library's DictionaryObject.get_inherited method at runtime. While intended to fix a specific bug in version 5.7.0, dynamic modification of library logic is a form of dynamic execution that can lead to unpredictable behavior if the environment or library version changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 03:10 PM