skills/skezu/skills/pdf/Gen Agent Trust Hub

pdf

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded within processed PDF files.
    • Ingestion points: Untrusted data enters via pypdf, pdfplumber, and OCR results from pytesseract in SKILL.md and various scripts/.
    • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between document content and its own instructions.
    • Capability inventory: The skill has extensive file-write capabilities (writer.write, image.save, df.to_excel) and can execute CLI tools.
    • Sanitization: Extracted text is used directly without validation or escaping.
  • Command Execution (MEDIUM): SKILL.md explicitly directs the agent to execute shell commands using tools like qpdf, pdftotext, and pdftk. This capability can be leveraged by a successful prompt injection to perform unauthorized file operations or system exploration.
  • External Downloads (LOW): SKILL.md suggests installing several Python packages (pytesseract, pdf2image, pdfplumber, reportlab, pypdf).
    • Evidence: These are standard, well-maintained libraries. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW/INFO as the sources are reputable registries (PyPI).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:45 AM