pdf

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

This document is a benign PDF-processing guide with example code for local PDF manipulation and OCR. There are no indicators of data exfiltration, credential harvesting, obfuscation, or network communication to third-party domains. The only security note is a documentation hygiene issue: showing a plaintext password on a qpdf command line may expose passwords via process listings or shell history and should be avoided in guidance. Otherwise the examples and stated capabilities are coherent and proportionate to the purpose.

LLM verification: The skill’s described capabilities are appropriate for PDF processing tasks. Primary security concerns are about supply-chain hygiene (unpinned OCR dependency and potential unvetted script installations). Mitigations: pin dependency versions, verify sources, and avoid auto-installation of third-party scripts in production. Overall assessment remains largely benign with important notes on dependency management to reduce risk.

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 11:14 PM
Package URL: pkg:socket/skills-sh/poletron%2Fcustom-rules%2Fpdf%2F@59867120af34d1304a26a39d227a488700f8a090