table-extractor
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PRIVILEGE_ESCALATION]: The instructions in SKILL.md suggest the use of `sudo apt install ghostscript` if the system utility is missing. Executing commands with root privileges is a high-security risk for automated agents.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands for package installation and environment verification, specifically `pip install` and `gs --version` as seen in SKILL.md.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (PDF files) and possesses capabilities that could be exploited if malicious instructions are embedded in the processed documents.
  1. Ingestion points: Reads PDF files from local storage (document.pdf, paper.pdf, reports/*.pdf) in SKILL.md.
  2. Boundary markers: None provided to separate untrusted content from agent instructions.
  3. Capability inventory: Includes the ability to install packages via pip and write data to the filesystem in CSV, Excel, and JSON formats (to_csv, to_excel, to_json).
  4. Sanitization: There is no evidence of sanitization or validation of the content extracted from the PDFs before it is used or exported.
Recommendations
- AI detected serious security threats
Audit Metadata