The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use several system-level utilities for PDF manipulation, including pdftotext, pdfimages, pdftoppm, qpdf, and pdftk. It also executes custom Python scripts provided in the scripts/ directory to manage form field extraction, bounding box validation, and document filling. Notably, scripts/fill_fillable_fields.py modifies the pypdf library at runtime using a monkeypatch to fix a specific formatting bug in version 5.7.0.
[PROMPT_INJECTION]: The skill's primary function involves parsing untrusted PDF documents, which represents an attack surface for indirect prompt injection.
Ingestion points: PDF data is ingested and processed using multiple libraries such as pypdf, pdfplumber, and pdf2image in scripts like extract_form_field_info.py and convert_pdf_to_images.py.
Boundary markers: The skill documentation and scripts do not implement specific delimiters or instructions to ignore potential commands embedded within the PDF content.
Capability inventory: The agent is granted capabilities to perform filesystem operations (reading and writing PDF, JSON, and image files) and execute shell-based commands and Python scripts.
Sanitization: No explicit sanitization or filtering of the extracted text content is performed before it is analyzed by the agent to determine the purpose of form fields or extract data.

pdf-official