Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The toolkit invokes standard command-line utilities such as qpdf, pdftk, and poppler-utils for advanced PDF manipulation. It also includes a script that monkeypatches the pypdf library at runtime to fix a known bug in form field processing.
- [EXTERNAL_DOWNLOADS]: The skill references and uses trusted, well-known libraries including pypdf, pdfplumber, reportlab, and pdf-lib. No unverified or suspicious external dependencies were found.
- [PROMPT_INJECTION]: The processing of external PDF files presents a surface for indirect prompt injection.
  - Ingestion points: PDF content is parsed in scripts such as extract_form_field_info.py and convert_pdf_to_images.py.
  - Boundary markers: No specific boundary markers are present to isolate untrusted data from the agent's instructions.
  - Capability inventory: The skill allows file writing, adding annotations, and executing PDF utility commands.
  - Sanitization: While scripts validate input types, no content-level sanitization is performed on the extracted text.
Audit Metadata