The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes external PDF documents through text extraction and image conversion, which creates a surface for indirect prompt injection if a processed document contains malicious instructions for the agent.
Ingestion points: PDF content is ingested via scripts/extract_form_field_info.py (metadata) and scripts/convert_pdf_to_images.py (visual analysis).
Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the data processing pipeline.
Capability inventory: The skill possesses extensive file manipulation capabilities, including reading/writing PDFs, images, JSON, and Excel files.
Sanitization: No content-based sanitization or instruction-filtering is applied to the data extracted from the PDFs.
Dynamic Execution (LOW): The script scripts/fill_fillable_fields.py performs runtime monkeypatching on the pypdf library. It intercepts DictionaryObject.get_inherited to fix a known issue with selection list formatting. While monkeypatching is generally a high-risk technique (Category 10), it is here used for a targeted, documented bug fix by a trusted author, thus maintaining a LOW severity.
Command Execution (SAFE): SKILL.md provides documentation for standard CLI tools like qpdf and pdftk. These are presented as user/agent instructions and do not represent arbitrary command execution within the skill's own scripts.

pdf-processing-anthropic