Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external and potentially untrusted PDF files, creating a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent's context through functions in scripts/pdf_utils.py (e.g., PdfReader, pdfplumber.open) and code snippets in SKILL.md that read PDF content and metadata.
- Boundary markers: The provided scripts and instructions do not implement boundary markers or include system instructions to ignore embedded commands within the PDF data.
- Capability inventory: The skill possesses capabilities to read and write files and extract text/tables, which could be exploited if an injection occurs.
- Sanitization: There is no evidence of sanitization or validation of the content extracted from PDF files before it is processed by the agent.
Audit Metadata