ai-pdf-builder

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to guide users through installing system dependencies and to execute CLI commands. High-privilege commands (sudo) are suggested for LaTeX package management (tlmgr) and system package installation (apt-get).
  • [REMOTE_CODE_EXECUTION]: The skill runs its logic via npx ai-pdf-builder. This pattern downloads and executes code from the npm registry at runtime; it is the standard execution model for this vendor's tool, but it is an external dependency that the user should review (for example, by pinning the package version) before running.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its enhance and summarize features. These commands process untrusted external files (Markdown and PDF) using an LLM (Claude) without explicit security boundaries or sanitization protocols documented for the input phase.
  • Ingestion points: User-supplied markdown and PDF files in local directories (e.g., SKILL.md).
  • Boundary markers: None identified in the provided instructions or command examples.
  • Capability inventory: The skill calls the Anthropic API to process content and executes shell commands to generate file outputs.
  • Sanitization: Documentation mentions "Content Sanitization" for AI-generated output, but no sanitization or validation is specified for the input data processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:53 AM