Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference several external dependencies that must be present in the environment.
- Python libraries:
pypdf,pdfplumber,reportlab,pytesseract,pdf2image,pillow,pandas, andpypdfium2. - JavaScript libraries:
pdf-libandpdfjs-dist. - System utilities:
qpdf,pdftk, andpoppler-utils(forpdftotextandpdfimages). - [INDIRECT_PROMPT_INJECTION]: The skill processes external PDF documents, which are a source of untrusted data. Instructions in
forms.mdguide the agent to perform visual analysis on these documents to determine form field purposes. - Ingestion points: Files are read and processed in
scripts/convert_pdf_to_images.pyandscripts/extract_form_field_info.py. - Boundary markers: The instructions do not specify any delimiters or warnings for the agent to ignore instructions embedded within the PDF content during analysis.
- Capability inventory: The skill includes file-writing capabilities via
pypdfand provides examples for executing system commands via various PDF utilities. - Sanitization: There is no evidence of sanitization or filtering of the extracted text or visual data before it is presented to the agent.
- [DYNAMIC_EXECUTION]: The file
scripts/fill_fillable_fields.pycontains a runtime monkeypatch of thepypdf.generic.DictionaryObject.get_inheritedmethod. This is used to fix a specific bug in thepypdflibrary regarding selection list fields. It does not incorporate untrusted external input into the logic of the patch.
Audit Metadata