pdf-processing-anthropic
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize several command-line utilities including qpdf, pdftotext, pdfimages, and ImageMagick (magick/convert) to perform PDF manipulation and image generation. These are standard tools for the described tasks.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by extracting data from external PDF files.
- Ingestion points: The skill uses libraries like pypdf, pdfplumber, and pypdfium2, as well as the pdftotext utility, to read text and metadata from user-provided PDF files.
- Boundary markers: There are no instructions or delimiters provided to the agent to treat the extracted text as untrusted or to isolate it from its internal logic.
- Capability inventory: The agent possesses the capability to execute shell commands and modify the file system, which could be exploited if malicious instructions in a PDF are followed.
- Sanitization: No sanitization or verification of the extracted text content is implemented in the provided scripts or instructions.
Audit Metadata