skills/poletron/custom-rules/pdf/Gen Agent Trust Hub

pdf

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data from PDF files.
      • Ingestion points: pypdf.PdfReader, pdfplumber.open, and pdf2image.convert_from_path in SKILL.md.
      • Boundary markers: None. Extracted text and tables are processed without delimiters or instructions to ignore embedded commands.
      • Capability inventory: File system write operations (open("wb"), writer.write(), df.to_excel(), c.save()) and shell command execution patterns.
      • Sanitization: No evidence of sanitization or filtering of the extracted content before it is used or saved.
  • Command Execution (MEDIUM): The skill provides examples of executing command-line tools which interact with the host system's shell.
      • Evidence: Shell blocks in SKILL.md demonstrating direct system command usage for qpdf, pdftk, pdftotext, and pdfimages.
  • Unverifiable Dependencies (LOW): The skill suggests installing external Python packages that increase the attack surface if not pinned to specific versions.
      • Evidence: Recommendations to install pytesseract and pdf2image via pip in SKILL.md.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:13 PM