nano-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of the nano-pdf package from the Python Package Index (PyPI), which is a standard and well-known package registry.
- [COMMAND_EXECUTION]: The skill executes the nano-pdf command-line utility to perform PDF edits. This execution is restricted to the intended functionality of page-specific natural-language editing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external PDF files which could contain adversarial instructions. 1. Ingestion points: Untrusted data enters the agent context through the reading of PDF files like deck.pdf. 2. Boundary markers: The skill does not implement delimiters or explicit instructions to distinguish document content from agent commands. 3. Capability inventory: The skill has the capability to run a CLI tool that modifies files on the system. 4. Sanitization: There is no evidence of validation or sanitization of the content extracted from processed PDFs.
Audit Metadata