Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The skill instructions explicitly direct the agent to execute sudo apt-get install -y poppler-utils. Allowing an agent to use sudo provides a path to full system compromise if the agent's instructions are subverted.
- Indirect Prompt Injection (MEDIUM): The skill's primary purpose is reading and rendering external PDF files. This represents a significant attack surface where malicious instructions embedded in PDF text or metadata could influence the agent's subsequent reasoning or actions.
  - Ingestion points: pdfplumber, pypdf, and pdftoppm used on user-provided PDFs.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: File system read/write, system command execution (pdftoppm, apt-get).
  - Sanitization: No content sanitization or instruction-filtering mentioned before processing content.
- External Downloads (LOW): The skill requires installing several third-party Python packages (reportlab, pdfplumber, pypdf) and system utilities. While these are common libraries, they introduce external dependencies into the environment.
Recommendations
- AI detected serious security threats
Audit Metadata