pdfco
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to use the Membrane CLI (
membrane) to manage connections and run actions, which involves executing commands in the user environment.- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official Membrane CLI package (@membranehq/cli) from the npm registry to interact with PDF.co services.- [PROMPT_INJECTION]: The skill processes external documents (PDFs) which could contain malicious instructions designed to influence the agent's behavior through indirect prompt injection. - Ingestion points: Untrusted PDF files are processed via PDF.co actions such as data extraction and conversion as described in
SKILL.md. - Boundary markers: The skill does not provide specific instructions or delimiters to the agent to help it distinguish between system instructions and content extracted from processed documents.
- Capability inventory: The agent has the capability to execute commands and make network requests via the Membrane CLI, which could be exploited if malicious content is processed.
- Sanitization: There is no evidence of sanitization or validation of the text or data extracted from the PDF files before it is processed by the agent.
Audit Metadata