The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF documents, which serves as an entry point for potential malicious instructions embedded in file content.
Ingestion points: scripts/extract_form_field_info.py, scripts/convert_pdf_to_images.py, and scripts/check_fillable_fields.py ingest user-provided PDF content.
Boundary markers: Absent. Instructions in forms.md direct the agent to analyze visual and textual content of the PDF without explicit delimiters or warnings to ignore embedded instructions.
Capability inventory: The skill possesses file read/write capabilities and can execute logic based on parsed PDF metadata and images using libraries like pypdf, PIL, and pdf2image.
Sanitization: The scripts/check_bounding_boxes.py script provides validation for coordinates generated during agent analysis, but there is no sanitization of the external PDF content itself.
[DYNAMIC_EXECUTION]: The script scripts/fill_fillable_fields.py performs runtime monkeypatching of a third-party library.
Evidence: The function monkeypatch_pydpf_method modifies pypdf.generic.DictionaryObject.get_inherited at runtime to address a known issue in the pypdf library's handling of selection list fields.

pdf