Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it is designed to ingest and process content from untrusted external PDF files.\n
- Ingestion points: PDF content is read and processed via
pypdf,pdfplumber,pypdfium2, and OCR viapytesseractacross various scripts and instructions (e.g.,SKILL.md,references/forms.md).\n - Boundary markers: The skill instructions do not implement or suggest the use of delimiters or specific "ignore embedded instructions" warnings for the agent when handling extracted text content.\n
- Capability inventory: The skill possesses the capability to write files to the local file system and provides instructions for executing multiple system command-line tools.\n
- Sanitization: No sanitization, escaping, or validation of the text extracted from PDF files is performed before it is presented to the agent.\n- [COMMAND_EXECUTION]: The skill instructions direct the agent to utilize several external command-line utilities, including
qpdf,pdftotext,pdftk, and ImageMagick (magick), for file manipulation, conversion, and optimization tasks.
Audit Metadata