pdf-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted PDF data without sanitization or boundary markers.
- Ingestion points: PDF content is read using
pdfplumberas described inSKILL.md. - Boundary markers: Absent; no instructions are provided to wrap extracted text in delimiters or warn the agent about embedded instructions.
- Capability inventory: Includes Python code execution (Step 3) and file writing capabilities (CSV export in Step 2).
- Sanitization: Absent; the skill does not suggest any filtering or validation of the extracted text before it is returned to the agent context.
- [COMMAND_EXECUTION]: The skill requires the agent to generate and run Python code for data extraction.
- Evidence:
SKILL.mdStep 2 ('Write a Python script') and Step 3 ('Execute the script') involve runtime code generation and execution.
Audit Metadata