Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [Privilege Escalation] (HIGH): The skill instructs the agent to run 'sudo apt-get install', which requires administrative access and poses a significant security risk to the host environment.
- [Indirect Prompt Injection] (HIGH): This skill has a high vulnerability surface for indirect injection:
  1. Ingestion points: Processes untrusted PDF files through multiple parsing libraries.
  2. Boundary markers: None present.
  3. Capability inventory: High-risk capabilities including command execution (pdftoppm), package installation (pip), and system-level installation (apt).
  4. Sanitization: No sanitization of PDF content or filenames is performed.
- [External Downloads] (MEDIUM): Runtime installation of unversioned Python packages (reportlab, pdfplumber, pypdf) and system utilities (poppler-utils) introduces supply chain risks.
- [Command Execution] (MEDIUM): Shell commands are template-based (e.g., pdftoppm -png $INPUT_PDF) without explicit sanitization or boundary enforcement, creating a risk for command injection via malicious filenames.
Recommendations
- AI detected serious security threats
Audit Metadata