Skills
skills/qverisai/qverisbot/nano-pdf/Gen Agent Trust Hub

nano-pdf

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the nano-pdf package from PyPI using the uv package manager as part of its setup process.- [COMMAND_EXECUTION]: The skill is designed to execute the nano-pdf CLI tool to modify PDF documents on the local filesystem.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted PDF data alongside natural language instructions.
  • Ingestion points: Processes local PDF files (e.g., deck.pdf) which may contain untrusted content.
  • Boundary markers: None; the skill does not use specific delimiters to separate the PDF content from the user instructions.
  • Capability inventory: Executes shell commands via the nano-pdf binary with the ability to read and write files.
  • Sanitization: Absent; the skill does not validate or sanitize the contents of the PDF file or the instruction string before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:22 AM