Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides legitimate utility for document processing using well-known, reputable libraries such as pypdf, pdfplumber, and reportlab. The codebase follows secure development practices and is authored by a trusted entity.
- [COMMAND_EXECUTION]: The documentation includes examples for running standard system utilities like qpdf, pdftotext, and pdftk. These tools are standard for PDF processing tasks and are invoked for their intended purposes without signs of malicious command injection.
- [SAFE]: The script scripts/fill_fillable_fields.py uses a runtime monkeypatch to address a specific bug in the pypdf library regarding selection lists. This modification is hardcoded, logically contained, and does not process untrusted strings, thus presenting no risk of arbitrary code execution.
- [SAFE]: The skill acknowledges the surface for indirect prompt injection when processing external PDF documents. It manages this risk by using structured workflows in forms.md and intermediate JSON files (fields.json) to validate data before it is re-integrated into agent tasks. Mandatory evidence for indirect prompt injection surface:
  1. Ingestion points: PDF files are parsed by scripts/extract_form_field_info.py and scripts/convert_pdf_to_images.py.
  2. Boundary markers: Data is transitioned through structured JSON objects, providing separation from instruction context.
  3. Capability inventory: File system operations and execution of PDF processing binaries. No network access.
  4. Sanitization: Validation scripts like scripts/check_bounding_boxes.py verify the integrity of extracted coordinates and metadata.
Audit Metadata