Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill presents a significant Indirect Prompt Injection surface (Category 8). Ingestion points: pypdf.PdfReader in scripts/extract_form_field_info.py and pdf2image.convert_from_path in scripts/convert_pdf_to_images.py. Boundary markers: Absent; external PDF content is analyzed and processed without delimiters. Capability inventory: File modification (pypdf, reportlab) and shell execution (qpdf, pdftk). Sanitization: Absent; extracted content directly influences form-filling decisions.
- [Dynamic Execution] (MEDIUM): The script scripts/fill_fillable_fields.py performs runtime monkeypatching of the pypdf library to fix a selection list bug. While functional, runtime modification of libraries is a dynamic execution pattern.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill depends on several standard Python packages (pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pandas) and system utilities (qpdf, pdftk). These are well-known but introduce external dependency risks.
Recommendations
- AI detected serious security threats
Audit Metadata