skills/smithery/ai/pdf/Gen Agent Trust Hub

pdf

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection attacks because it is designed to extract text and data from untrusted external PDF files.
      * Ingestion points: Untrusted content is ingested through pypdf.PdfReader, pdfplumber.open, and pdf2image.convert_from_path.
      * Boundary markers: There are no boundary markers or instructions provided to the agent to treat extracted text as untrusted data.
      * Capability inventory: The skill includes the ability to write files (pypdf.PdfWriter, reportlab.canvas.Canvas) and execute system commands (via qpdf, pdftk, and poppler-utils).
      * Sanitization: No sanitization or validation of the extracted PDF content is implemented.
  • [Command Execution] (MEDIUM): The skill provides instructions for the agent to execute multiple command-line utilities (qpdf, pdftk, pdftotext, pdfimages). While these are legitimate tools, their use in a workflow that processes untrusted inputs increases the risk of argument injection or shell-based attacks if file names or parameters are not strictly controlled.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:15 PM