pdf-processing-anthropic

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Deceptive metadata impersonating a trusted organization.
      • Evidence: The metadata in SKILL.md and LICENSE.txt identifies the author as "Anthropic" and describes a proprietary license, which contradicts the internal author identity "lawvable". This impersonation can lead to a misjudgment of the skill's origin and safety.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted PDF data ingestion.
      • Ingestion points: scripts/extract_form_field_info.py and scripts/convert_pdf_to_images.py process external PDF files to extract form metadata and images.
      • Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to ignore potentially malicious commands embedded in PDF text or metadata.
      • Capability inventory: The skill utilizes subprocesses for CLI tools and file writing capabilities through pypdf, Pillow, and pdf2image.
      • Sanitization: No sanitization or filtering of extracted PDF content is performed.
  • [COMMAND_EXECUTION]: Instructions and examples for executing external command-line utilities.
      • Evidence: SKILL.md and REFERENCE.md contain instructions for running tools like qpdf, pdftotext, pdftk, and pdftoppm which execute as shell commands.
  • [EXTERNAL_DOWNLOADS]: Dependency on various well-known third-party Python and Node.js libraries.
      • Evidence: The skill requires several standard packages including pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pdf-lib, and pdfjs-dist.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 03:26 PM