Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local Python scripts (e.g., scripts/extract_form_structure.py, scripts/fill_fillable_fields.py) and system command-line tools such as qpdf, pdftotext, and ImageMagick's magick command. The script fill_fillable_fields.py specifically uses dynamic method patching to override the get_inherited method of the pypdf library at runtime.
- [EXTERNAL_DOWNLOADS]: The skill's documentation and reference files instruct the agent to install several third-party PDF processing and OCR libraries, including pypdf, pdfplumber, reportlab, pytesseract, pdf2image, and pypdfium2, from standard public registries.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection vulnerabilities due to its reliance on parsing content from external PDF documents.
  - Ingestion points: External data is ingested via pypdf.PdfReader in scripts/extract_form_field_info.py, pdfplumber.open in scripts/extract_form_structure.py, and pdf2image.convert_from_path in scripts/convert_pdf_to_images.py.
  - Boundary markers: Absent. There are no explicit delimiters or instructions provided to the agent to treat extracted PDF text as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill possesses capabilities to execute shell commands, run Python scripts, and perform file system read/write operations.
  - Sanitization: Absent. Extracted text, metadata, and structural information from PDFs are not sanitized or validated before being presented to the agent context.
Audit Metadata