skills/ovachiever/droid-tings/pdf/Gen Agent Trust Hub

pdf

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Prompt Injection (HIGH): Vulnerable to indirect prompt injection through untrusted PDF files.
      • Ingestion points: scripts/convert_pdf_to_images.py, scripts/extract_form_field_info.py, and SKILL.md examples use pypdf and pdfplumber to ingest external PDF data.
      • Boundary markers: Absent. The agent is instructed to visually analyze and extract data without technical sanitization or delimiters.
      • Capability inventory: Can write files (output.pdf, extracted_tables.xlsx) and execute system commands (qpdf, pdftotext).
      • Sanitization: None. Extracted text is used directly for agent reasoning and file creation.
  • Dynamic Execution (MEDIUM): scripts/fill_fillable_fields.py uses monkeypatching to modify the pypdf library at runtime.
      • Evidence: The monkeypatch_pydpf_method function replaces pypdf.generic.DictionaryObject.get_inherited with a local version to bypass a bug.
      • Risk: While intended as a fix, runtime modification of library classes is a form of dynamic execution that increases the attack surface.
  • Command Execution (LOW): The skill documentation provides examples for executing several system binaries.
      • Evidence: SKILL.md includes shell commands for pdftotext, qpdf, and pdftk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:04 PM