nano-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks where malicious instructions could be embedded in the processed documents.
- Ingestion points: Untrusted PDF files provided by the user (e.g.,
deck.pdfin SKILL.md). - Boundary markers: None present. The instructions do not specify delimiters or warnings to ignore instructions embedded within the PDF content.
- Capability inventory: The skill can modify files on the local system using the
nano-pdfCLI (SKILL.md). - Sanitization: No sanitization or filtering of the PDF input content is described or implemented.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the
nano-pdfpackage from the Python Package Index (PyPI) during setup. This is a standard installation procedure for the tool's core functionality.
Audit Metadata