Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to extract text and data from PDF files, which are untrusted external sources. While it provides the tools for ingestion, it does not explicitly include boundary markers or sanitization logic to prevent the agent from accidentally executing instructions hidden within the PDF content.
- Ingestion points: Uses
pypdf,pdfplumber, andpytesseractto read local PDF files. - Boundary markers: No specific delimiters or "ignore instructions" warnings are included in the prompt templates.
- Capability inventory: Includes file system write operations (
open(..., 'wb')) and mentions of command-line tools likeqpdfandpdftk. - Sanitization: No evidence of content filtering or escaping before the extracted data is passed back to the agent context.
Audit Metadata