Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill uses standard PDF processing libraries (pypdf, pdfplumber, reportlab) and provides helper scripts for common tasks like OCR and form validation.
- [DYNAMIC_EXECUTION]: The script `scripts/fill_fillable_fields.py` implements a runtime monkeypatch of the `pypdf` library's `DictionaryObject.get_inherited` method. This is a localized modification used to resolve a specific library bug regarding selection list formatting and does not involve executing untrusted code or external data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files and agent-generated JSON metadata, creating an indirect prompt injection surface.
  - Ingestion points: PDF files are read in `scripts/extract_form_field_info.py` and `scripts/fill_fillable_fields.py`. Visual analysis instructions in `forms.md` rely on the agent interpreting converted images.
  - Boundary markers: None explicitly defined for content within the PDFs.
  - Capability inventory: The skill can write files and manipulate PDF structure using `pypdf` and `Pillow`.
  - Sanitization: The skill includes several validation scripts (`scripts/check_bounding_boxes.py`, `scripts/fill_fillable_fields.py`) to verify coordinate integrity and field values before processing.