Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing content from external PDF files.
- Ingestion points: The skill uses pypdf, pdfplumber, and pytesseract to read and extract text/tables from local PDF files (e.g., document.pdf, scanned.pdf).
- Boundary markers: No delimiters or explicit instructions are provided to the agent to distinguish extracted document content from system instructions.
- Capability inventory: The skill facilitates file reading, text extraction, OCR, and file writing operations.
- Sanitization: There is no evidence of text sanitization or validation of the content extracted from the PDFs before it enters the agent's context.
Audit Metadata