pymupdf-pdf

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill processes untrusted PDF documents and converts them into text for the AI agent to consume, creating an attack surface for indirect prompt injection.
  • Ingestion points: scripts/pymupdf_parse.py reads data directly from PDF files provided as input.
  • Boundary markers: The script uses simple Markdown comments (<!-- page {i} -->) as markers, which are insufficient to reliably separate the tool's output from malicious instructions embedded within the PDF content.
  • Capability inventory: The skill possesses file system write capabilities (creating directories and writing Markdown/JSON/images) but lacks direct network access or arbitrary command execution.
  • Sanitization: No sanitization or safety-oriented filtering is applied to the text extracted from the PDF, allowing any embedded instructions to reach the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:39 AM