pdf-offline
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
install.shscript downloads and installs Python packages usingpip3. The packages include well-known libraries:pypdf,pdfplumber,reportlab, andPyPDF2. Additional libraries likepdf2imageandpytesseractare also referenced in scripts and documentation for specialized tasks such as OCR and image conversion. - [COMMAND_EXECUTION]: The skill executes Python scripts and shell commands to perform PDF operations. This involves local file system access for reading, writing, and merging documents. The script
scripts/fill_fillable_fields.pyimplements a runtime monkeypatch for thepypdflibrary to resolve a known bug in selection list processing, which is a form of dynamic code modification. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the processing of untrusted PDF data.
- Ingestion points: PDF text, metadata, and form field information are extracted using
doc_utils.pyandscripts/extract_form_field_info.pyand provided to the agent. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are implemented when the extracted PDF content is interpolated into the agent context.
- Capability inventory: The skill possesses the capability to write, split, and modify PDF files on the local file system. It does not exhibit network exfiltration or arbitrary shell execution capabilities beyond its intended scripts.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content extracted from PDF files before it is processed by the agent.
Audit Metadata