pdf-processing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- SAFE (SAFE): No malicious patterns such as prompt injection, data exfiltration, or hardcoded credentials were identified in the skill metadata or instructions. The workflow described is standard for document analysis tasks.
- NO_CODE (INFO): The skill lacks implementation scripts or executable tools, consisting solely of markdown instructions. This significantly limits the direct attack surface as it relies on the host agent's native capabilities.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process untrusted external data (PDFs).
  - Ingestion points: User-specified PDF file paths.
  - Boundary markers: None specified in instructions to delimit extracted text.
  - Capability inventory: Text extraction, structure analysis, and summarization.
  - Sanitization: No instructions provided for sanitizing or filtering extracted content.

  While this represents a vulnerability surface for indirect prompt injection, the risk is limited to the agent's internal reasoning context.
Audit Metadata