Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts text from untrusted PDF documents. \n
- Ingestion points: PDF content is ingested via pypdf and pdfplumber in SKILL.md and scripts/extract_form_structure.py. \n
- Boundary markers: There are no delimiters or instructions to ignore embedded commands within the extracted PDF text. \n
- Capability inventory: The skill has the ability to write files and execute system commands such as qpdf and magick. \n
- Sanitization: No sanitization or validation is performed on the text extracted from the PDFs. \n- [COMMAND_EXECUTION]: The skill facilitates the execution of various command-line utilities and performs dynamic library modification. \n
- Documented workflows in SKILL.md and FORMS.md utilize subprocess calls to qpdf, pdftotext, and ImageMagick (magick). \n
- The script scripts/fill_fillable_fields.py performs a runtime monkeypatch of the pypdf library's DictionaryObject.get_inherited method to correct a known bug in selection list handling.
Audit Metadata