Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- Standard PDF Processing (SAFE): The skill utilizes established libraries such as pypdf, pdfplumber, and reportlab for document manipulation. The logic is focused on utility and follows best practices.
- Indirect Prompt Injection (LOW): The skill extracts text and images from untrusted PDF files for agent analysis, creating a surface for indirect prompt injection.
  1. Ingestion points: convert_pdf_to_images.py and extract_form_field_info.py read data from external PDFs.
  2. Boundary markers: Absent; extracted content is presented directly to the agent.
  3. Capability inventory: Local file read/write and PDF processing; no network access or generic command execution in scripts.
  4. Sanitization: None.
- Dynamic Execution (LOW): fill_fillable_fields.py applies a runtime monkeypatch to the pypdf library to resolve a known field-formatting bug. This is a targeted and static modification.