nano-pdf
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
nano-pdfpackage from PyPI, which is an official and standard package registry for Python. - [COMMAND_EXECUTION]: The skill utilizes the
nano-pdfcommand-line utility to perform editing operations on PDF files. - [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill processes external PDF files (e.g.,
deck.pdf) that could contain hidden instructions. However, this is inherent to the functionality of a PDF processing tool, and no active exploitation patterns or malicious instructions were observed in the skill itself.
Audit Metadata