Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted PDF documents provided by users and converts them into images for visual analysis by the agent (`scripts/convert_pdf_to_images.py`). This creates an attack surface where a malicious PDF could contain text or visual cues designed to influence or hijack the agent's instructions.
  - Ingestion points: `scripts/convert_pdf_to_images.py` and `scripts/extract_form_field_info.py` read PDF data.
  - Boundary markers: None identified. The agent is instructed to visually analyze the generated images.
  - Capability inventory: Local file read/write operations for PDF and image processing. No network or arbitrary command execution capabilities were found.
  - Sanitization: No sanitization or filtering of the PDF content or extracted metadata is performed.
- [Dynamic Execution] (LOW): The script `scripts/fill_fillable_fields.py` performs runtime monkeypatching of the `pypdf` library's `DictionaryObject.get_inherited` method. While used to fix a specific bug in the library's handling of selection lists, runtime modification of external dependencies is a security risk.
- [Command Execution] (LOW): The skill relies on the execution of several internal Python scripts (`scripts/check_fillable_fields.py`, `scripts/extract_form_field_info.py`, etc.) to perform its functions. These scripts are local and utilize standard, well-known libraries.
Audit Metadata