nano-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'nano-pdf' package from PyPI, a well-known and standard package registry. This package is authored by the same vendor as the skill.
- [COMMAND_EXECUTION]: The skill executes the 'nano-pdf' CLI tool to apply edits to PDF pages. This command execution is the primary purpose of the skill.
- [PROMPT_INJECTION]: The skill processes external PDF files, which introduces an indirect prompt injection surface.
- Ingestion points: Untrusted PDF files provided for editing (e.g., 'deck.pdf').
- Boundary markers: The skill does not implement delimiters or 'ignore' instructions for content parsed from the PDF.
- Capability inventory: The 'nano-pdf' tool has the capability to modify files based on instructions derived from the input.
- Sanitization: No sanitization or validation of the PDF content is performed before processing.
Audit Metadata