Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) due to its primary function of processing external data.
- Ingestion points: Untrusted data enters the agent context via
PdfReader,pdfplumber.open, andpytesseract.image_to_stringas shown inSKILL.md. - Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to ignore instructions embedded within the extracted text/tables.
- Capability inventory: The skill instructions involve file writing (
writer.write,df.to_excel,c.save) and command-line execution (qpdf,pdftk,pdftotext). - Sanitization: Absent. Extracted text is processed or printed directly without validation or escaping.
Audit Metadata