PDF Processing Pro
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Category: COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content (PDFs, JSON) and has execute/write capabilities. Ingestion points: Processes 'input.pdf' and 'data.json' from external sources. Boundary markers: None identified. Capability inventory: 'subprocess.run' across multiple scripts and file writing via '--output'. Sanitization: No evidence of sanitization for filenames or data fields to prevent command injection.
- [Privilege Escalation] (MEDIUM): The documentation recommends 'chmod +x' for its scripts, which can lead to security risks if the directory is not properly secured.
- [Dynamic Execution] (MEDIUM): Relies on 'subprocess.run' to execute code at runtime using potentially untrusted path arguments.
Recommendations
- AI detected serious security threats
Audit Metadata