Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and extract data from external PDF files using `pypdf` and `pdfplumber`. This introduces a vulnerability surface where malicious instructions embedded in a PDF (e.g., hidden in text or metadata) could influence the agent's behavior during processing.
- Ingestion points: PDF file reading via `PdfReader("document.pdf")` and `pdfplumber.open()`.
- Boundary markers: None. The skill does not provide instructions to the agent on how to distinguish extracted data from system instructions.
- Capability inventory: Text/table extraction and PDF file generation/writing.
- Sanitization: No sanitization, escaping, or validation of the extracted PDF content is performed before the data is presented to the agent.
- External Downloads (LOW): The skill documentation references external Python libraries (`pypdf`, `pdfplumber`, `reportlab`). While these are industry-standard packages, they are not hosted by the explicitly trusted organizations defined in the security policy.
Audit Metadata