Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The script
scripts/fill_fillable_fields.pyperforms a runtime monkeypatch on thepypdflibrary to resolve an upstream bug in selection list processing. While this involves dynamic modification of library code, it is restricted to a single method and is essential for the skill's primary form-filling functionality. Severity is reduced from MEDIUM to LOW per the primary purpose rule. - Indirect Prompt Injection (LOW): The skill ingests untrusted PDF data, creating a surface for indirect prompt injection. 1. Ingestion points: PDF files are processed by
scripts/extract_form_field_info.py,scripts/check_fillable_fields.py, andscripts/fill_fillable_fields.py. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic. 3. Capability inventory: The skill possesses file read/write, image conversion, and command-line execution capabilities. 4. Sanitization: The skill relies on standard third-party parsing libraries without additional sanitization of extracted content. - Command Execution (SAFE): The skill invokes standard PDF utilities (
pdftotext,qpdf,pdftk) for routine document operations. This is consistent with its stated purpose.
Audit Metadata