password-protect-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.xss-cross-service-solutions.com to manage encryption jobs.
- [DATA_EXFILTRATION]: It uploads the user's PDF and password to the external service's API, which is the documented core function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via ingested PDF files. Ingestion points: pdf_path in scripts/password-protect-pdf.py. Boundary markers: Absent. Capability inventory: File read and network access. Sanitization: Absent.
Audit Metadata