Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from external PDF and HTML files. Ingestion points: fitz.open(), pdftotext, and pdfkit.from_file() in SKILL.md. Boundary markers: None; text is extracted and processed without delimiters. Capability inventory: Subprocess execution (pandoc, wkhtmltopdf, pdftotext), file writing (save(), -o output.pdf), and Python execution via 'python3 -c'. Sanitization: None; the skill assumes document content is safe.
- Unverifiable Dependencies (MEDIUM): Recommends runtime installation of unversioned packages including pymupdf, reportlab, and pdfkit from public registries.
- Command Execution (MEDIUM): Uses shell commands to process user-provided or externally sourced files, which can lead to command injection if an attacker controls the filenames or paths passed to those commands.
Recommendations
- AI detected serious security threats
Audit Metadata