skills/thewatcher01/skills/pdf/Gen Agent Trust Hub

pdf

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fill_fillable_fields.py performs runtime monkeypatching of the pypdf library to modify the DictionaryObject.get_inherited method. This dynamic modification of library behavior is a risky coding practice that can lead to unexpected execution flows or instability.
  • [COMMAND_EXECUTION]: The documentation in forms.md and SKILL.md instructs the agent to use command-line tools like magick, pdftotext, qpdf, and pdftk. These operations are potentially vulnerable to shell injection if the agent interpolates untrusted file paths or coordinates into the commands without proper sanitization.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted PDF documents and associated JSON metadata, creating a surface for indirect prompt injection. Evidence:
      1. Ingestion points: The scripts scripts/extract_form_field_info.py, scripts/extract_form_structure.py, and scripts/convert_pdf_to_images.py read external .pdf files.
      2. Boundary markers: No explicit boundary markers or instructions to ignore embedded PDF content are used during extraction.
      3. Capability inventory: The skill possesses capabilities for file reading, file writing, and image generation across multiple scripts.
      4. Sanitization: There is no evidence of sanitization or filtering for text content or metadata extracted from the PDFs before it is used to influence the agent's form-filling logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 04:37 AM