PDF Processing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill extracts text from untrusted external files, creating a significant attack surface for indirect prompt injection.
      • Ingestion points: The parser.parse("./my_file.pdf") call in SKILL.md ingests external data into the skill's workflow.
      • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the extracted text as untrusted data rather than instructions.
      • Capability inventory: The extracted full_text is aggregated into the agent's context, where it can influence downstream reasoning and decision-making.
      • Sanitization: Absent. No filtering or validation is performed on the parsed markdown content.
  • Unverifiable Dependencies (MEDIUM): The skill requires the installation of the llama_cloud_services Python package.
      • Source: PyPI.
      • Status: The package is maintained by the LlamaIndex (run-llama) organization, which is not currently on the provided list of Trusted External Sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:59 PM