Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted PDF documents to extract text and tables, creating a surface for adversarial content to influence agent behavior. Evidence Chain:
  1. Ingestion points: pypdf, pdfplumber, and pytesseract read external PDF files (e.g., document.pdf, scanned.pdf).
  2. Boundary markers: Snippets lack delimiters or instructions for the agent to ignore embedded commands.
  3. Capability inventory: The skill performs file writes and command execution (qpdf, pdftotext).
  4. Sanitization: No sanitization of extracted text is performed.
- Command Execution (SAFE): The skill references standard command-line utilities (qpdf, pdftotext, pdftk, pdfimages) for document manipulation. These are well-known tools used according to their primary purpose.
Audit Metadata