Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's ability to extract and process text from external PDF files creates an indirect prompt injection surface.
- Ingestion points: Data is read from PDFs using pdfplumber and pypdf in scripts/extract_form_structure.py and scripts/extract_form_field_info.py.
- Boundary markers: No delimiters are used to separate extracted content from instructions.
- Capability inventory: The skill can write files and facilitate the execution of local PDF utility commands.
- Sanitization: Extracted text is not sanitized before processing.
- [COMMAND_EXECUTION]: The script scripts/fill_fillable_fields.py implements a runtime monkeypatch of the pypdf library to resolve issues with form field attribute inheritance, representing a limited form of dynamic execution.
Audit Metadata