Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection as it processes and extracts text from external PDF files.
- Ingestion points: PDF data is ingested through
pypdf,pdfplumber, andpytesseract(OCR) in theSKILL.mdfile. - Boundary markers: No specific boundary markers or delimiters are provided to wrap the extracted content to prevent it from being interpreted as instructions.
- Capability inventory: The skill facilitates file writing and the execution of external CLI utilities for document transformation.
- Sanitization: No sanitization or validation logic is present to filter malicious payloads embedded in document text or metadata.
- [COMMAND_EXECUTION]: The skill documentation includes examples for executing external command-line utilities to perform PDF operations.
- Evidence: The skill provides command-line instructions for
pdftotext,qpdf,pdftk, andpdfimagesto merge, split, and extract data from documents.
Audit Metadata