Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is explicitly designed to ingest untrusted external data from PDF files.
  - Ingestion points: Extraction of text, tables, and metadata from user-provided PDF documents.
  - Boundary markers: Absent. The skill definition does not specify delimiters or instructions to ignore embedded commands within the PDF content.
  - Capability inventory: The extracted data is intended for use in sensitive decision-making domains including Medical Intelligence (clinical guidelines) and Research Intelligence (academic papers).
  - Sanitization: No evidence of content filtering, escaping, or instruction-detection logic is provided in the skill definition.
- External Dependencies (MEDIUM): The skill relies on multiple third-party libraries for core functionality.
  - Evidence: Python (PyPDF2, pdfplumber, reportlab, PyMuPDF) and Node.js (pdf-lib, pdf-parse).
  - Risk: While these are standard libraries, the lack of version pinning or integrity verification in the documentation makes the runtime environment unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata