seed-pdf-import
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and process untrusted PDF content.
- Ingestion points: External PDF files are read using vision capabilities or extraction libraries as described in
SKILL.mdandreferences/pdf-extraction.md. - Boundary markers: There are no instructions or delimiters provided to distinguish between document content and potential malicious instructions embedded within the PDF text or metadata.
- Capability inventory: The skill uses various subprocess calls in
SKILL.mdandreferences/pdf-extraction.md, includingpdfimages,pdftoppm,pdftotext, and theseed-clifor document creation and publishing. It also writes files to the/tmp/directory. - Sanitization: The skill lacks evidence of sanitizing, validating, or escaping extracted content before it is processed by the agent or passed as arguments (e.g.,
--name,--display-author) to CLI tools. - [COMMAND_EXECUTION]: The skill facilitates the execution of local system utilities and vendor-provided CLI tools to handle file conversion and data publishing.
- The workflow involves running shell commands such as
pdfimages,pdftoppm, andseed-cli(from the@seed-hypermedia/clipackage) with parameters derived from the extracted PDF data.
Audit Metadata