pdf

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes PDF documents, which are untrusted external data sources. Maliciously crafted PDFs could contain hidden instructions designed to influence the agent's behavior during data extraction or form-filling operations.
      • Ingestion points: PDF content is read via pypdf and pdfplumber in scripts/extract_form_field_info.py, scripts/fill_fillable_fields.py, and scripts/fill_pdf_form_with_annotations.py.
      • Boundary markers: Absent. The scripts do not implement specific delimiters or warnings to the model to ignore instructions embedded within the PDF data.
      • Capability inventory: The skill provides capabilities for file creation, metadata extraction, and execution of system utilities.
      • Sanitization: Absent. Text and metadata from the PDF are processed without specific sanitization before being presented to the agent.
  • Dynamic Execution (LOW): The script scripts/fill_fillable_fields.py uses runtime monkeypatching (monkeypatch_pydpf_method) to override pypdf.generic.DictionaryObject.get_inherited. While this is a form of self-modifying code (Category 10), it is explicitly documented as a workaround for a specific bug in the pypdf library related to selection lists and is essential for the skill's primary purpose of filling forms.
  • Command Execution (SAFE): SKILL.md provides instructions for using standard system utilities such as pdftotext, qpdf, and pdftk. These tools are appropriate for PDF manipulation and are used in a standard manner.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 04:23 PM