Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external PDF files, creating a surface for indirect prompt injection where instructions embedded in a PDF could attempt to influence the agent. \n- Ingestion points: PDF data is read and processed in
scripts/extract_form_field_info.py,scripts/fill_fillable_fields.py, andscripts/convert_pdf_to_images.py. \n- Boundary markers: No explicit markers or 'ignore' instructions are used to delimit extracted content from the agent's core instructions. \n- Capability inventory: The skill has the ability to write files (images and modified PDFs) and execute PDF utility commands through documentation examples. \n- Sanitization: No content-level sanitization or escaping of extracted PDF text is performed.
Audit Metadata