Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code, hardcoded credentials, or unauthorized network operations were identified. The skill is authored by a trusted source and performs legitimate document processing tasks.
- [COMMAND_EXECUTION]: The skill integrates with standard command-line utilities such as qpdf, poppler-utils (pdftotext, pdfimages, pdftoppm), and ImageMagick (magick/convert). These are used for common PDF-to-image conversion and file manipulation tasks.
- [EXTERNAL_DOWNLOADS]: The documentation recommends the use of well-known and trusted external libraries including pypdf, pdfplumber, reportlab, pypdfium2, and pdf-lib. These are standard tools in the PDF processing ecosystem.
- [PROMPT_INJECTION]: The skill inherently processes untrusted PDF data (ingestion points in scripts/extract_form_field_info.py and scripts/extract_form_structure.py). While there are no explicit boundary markers or sanitization logic for extracted text, the risk is mitigated by the skill's specific focus on technical PDF manipulation and the absence of high-privilege capabilities.
Audit Metadata