pdf-processing-openai
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill instructions include
sudo apt-get install, which grants the agent the ability to execute commands with root privileges and perform unauthorized system-level changes. - Command Execution (HIGH): The skill utilizes system commands (
pdftoppm) with unquoted variables ($INPUT_PDF,$OUTPUT_PREFIX). If an attacker provides a PDF with a malicious filename (e.g.,; touch exploit;), it could lead to arbitrary command execution. - Indirect Prompt Injection (LOW):
- Ingestion points: The skill is designed to process external PDF files via
pdfplumberandpypdfwhich may contain malicious instructions. - Boundary markers: None are present in the prompt to separate data from instructions.
- Capability inventory: The skill has access to shell execution, package managers, and file writing.
- Sanitization: No evidence of input validation or sanitization for filenames or document content is provided.
Recommendations
- AI detected serious security threats
Audit Metadata