openai-pdf
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Privilege Escalation (HIGH): The skill instructs the agent to execute sudo apt-get install -y poppler-utils. Requiring root privileges for a skill utility is a high-risk behavior that grants unnecessary system-wide permissions.
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process external PDF files using tools like pdfplumber and pypdf (SKILL.md, workflow steps 1-3). Because the skill has access to high-privilege tools including Bash, Write, and Edit (SKILL.md metadata), a malicious PDF containing embedded instructions could potentially hijack the agent's logic to execute arbitrary commands or modify local files. No sanitization or boundary markers are defined for the processed content.
- External Downloads (LOW): The skill installs several standard Python packages (reportlab, pdfplumber, pypdf). While these are external dependencies, the skill metadata claims origin from a trusted source (OpenAI), which downgrades the risk of these specific downloads per [TRUST-SCOPE-RULE], although the execution risk remains.
Recommendations
- AI detected serious security threats
Audit Metadata