pdf-official
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'forms.md' file uses imperative and authoritative language such as 'CRITICAL' and 'MUST' to enforce a strict sequence of actions, which is a pattern used to override default model behavior.
- [DYNAMIC_EXECUTION]: The script 'scripts/fill_fillable_fields.py' performs a runtime monkeypatch of the 'pypdf' library's 'get_inherited' method to address a specific bug, which involves modifying library code during execution.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files and user-provided JSON data to fill forms and extract text, creating an attack surface for indirect prompt injection. Ingestion points: 'scripts/extract_form_field_info.py' and 'scripts/fill_fillable_fields.py'. Capability inventory: Extensive file system access and script execution. Sanitization: Limited to basic field type validation.
- [METADATA_POISONING]: The skill's author is listed as 'sickn33', but the license file claims copyright by 'Anthropic, PBC'. This discrepancy in provenance metadata is deceptive and may misrepresent the skill's origin.
Audit Metadata