Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted PDF data while possessing file-writing capabilities.
  - Ingestion points: Functions 'extract_text', 'extract_text_by_page', and 'extract_tables' in 'references/REFERENCE.md' ingest data from external PDF files.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the documentation or function signatures.
  - Capability inventory: The skill can write and modify files via 'merge_pdfs', 'split_pdf', and 'PDFReportGenerator.create_report' as seen in 'references/REFERENCE.md'.
  - Sanitization: No sanitization of extracted text is described to prevent the agent from interpreting content as instructions.
- EXTERNAL_DOWNLOADS (LOW): Uses standard PDF libraries.
  - Evidence: 'PyPDF2', 'pdfplumber', and 'reportlab' are listed in 'scripts/requirements.txt'. These are well-known libraries and do not trigger higher severity findings.
Recommendations
- AI detected serious security threats