Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted PDF data and has write/execute capabilities.
  * Ingestion points: PdfReader and pdfplumber.open in SKILL.md.
  * Boundary markers: Absent.
  * Capability inventory: File-writing (writer.write, canvas.save) and system command execution (qpdf, pdftotext).
  * Sanitization: Missing for external content.
- [EXTERNAL_DOWNLOADS] (LOW): References standard libraries pypdf, pdfplumber, reportlab, pandas, and pytesseract. These are considered low risk given the trusted source (anthropics/skills) per the [TRUST-SCOPE-RULE].
- [COMMAND_EXECUTION] (MEDIUM): Employs CLI tools like pdftotext and qpdf. While standard for PDF processing, these execute on potentially malicious untrusted input files.
Recommendations
- AI detected serious security threats
Audit Metadata