pdf-reader
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data (PDF files).
- Ingestion points: Processes user-provided PDF documents for extraction and analysis as described in
SKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions embedded within the PDF content itself.
- Capability inventory: The agent is instructed to output extracted data into structured formats like JSON and CSV, which could be leveraged if an attacker embeds instructions in a PDF to exfiltrate or manipulate data.
- Sanitization: No content sanitization or validation logic is specified to mitigate the risk of instructions hidden in document text, metadata, or form fields.
- [NO_CODE]: The skill contains only natural language instructions and metadata. No executable scripts, shell commands, or binary files are included in the skill package.
Audit Metadata