Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and suggests installation of established packages from PyPI and NPM, such as
pypdf,pdfplumber,reportlab,pytesseract,pdf2image,pypdfium2,pdf-lib, andpdfjs-dist. These are industry-standard tools for document processing. - [COMMAND_EXECUTION]: The documentation includes instructions for using common CLI tools like
qpdf,pdftotext,pdftk, andpdfimages. Furthermore, the scriptscripts/fill_fillable_fields.pyperforms a runtime monkeypatch of thepypdflibrary to correct a specific bug in selection list field handling, which involves dynamic modification of imported module behavior. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to extract text and data from external PDF documents which may be untrusted.
- Ingestion points: Data enters the environment via
PdfReaderandpdfplumber.openin various scripts and usage examples. - Boundary markers: The skill does not implement delimiters or provide instructions to the agent to ignore instructions embedded within the extracted text.
- Capability inventory: The toolkit includes capabilities for reading and writing files, converting documents to images, and executing PDF-related commands.
- Sanitization: No filtering or sanitization of extracted text is performed before it is provided to the agent for analysis.
Audit Metadata