Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it ingests untrusted PDF files and converts them into text or images for agent analysis. A malicious PDF could contain hidden instructions that override the agent's behavior. (Ingestion points: scripts/extract_form_field_info.py, scripts/convert_pdf_to_images.py; Capability: File system writes and CLI execution; Sanitization: None identified; Boundary markers: Absent).
- [Dynamic Execution] (MEDIUM): The script scripts/fill_fillable_fields.py performs runtime monkeypatching of the pypdf library's DictionaryObject.get_inherited method to address an upstream bug. This dynamic modification of a dependency at runtime is a risky practice that can lead to unexpected behavior.
- [Command Execution] (MEDIUM): SKILL.md provides instructions and examples for running shell-based utilities (qpdf, pdftk, pdftotext) on external PDF files. Without strict validation of input file names and content, this creates a risk of command injection or of exploiting vulnerabilities in those binaries through a crafted PDF.
Recommendations
- AI detected serious security threats
Audit Metadata