analyzing-pdf-malware-with-pdfid

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow documentation in SKILL.md includes Python snippets and shell commands that utilize subprocess.run to call external analysis tools such as pdf-parser. These calls use list-based arguments, which is a security best practice to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file recommends the installation of several well-known third-party security tools via pip, including pdfid, pdf-parser, peepdf, and speakeasy. These are industry-standard tools for malware analysis and their usage is consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data by extracting JavaScript, URLs, and metadata from potentially malicious PDF files. This creates a surface for indirect prompt injection where malicious instructions embedded in a PDF could attempt to influence the agent's behavior during analysis.
      • Ingestion points: The scripts/agent.py and SKILL.md workflows read contents from untrusted PDF files.
      • Boundary markers: The analysis output is structured, but specific boundary markers to prevent the agent from executing embedded text instructions are not explicitly defined in the provided code snippets.
      • Capability inventory: The skill provides capabilities for file reading, command execution via external tools, and network indicator extraction.
      • Sanitization: Extracted JavaScript and URL strings are truncated and displayed, but not fully sanitized for potential prompt injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 09:04 AM