pdf

[Skill Scanner] Installation of third-party script detected This skill/instruction file is consistent with its stated purpose (PDF processing toolkit). It contains standard, local file-based operations (reading, extracting, OCR, writing, encryption) and examples that rely on well-known libraries and command-line tools. There are no signs of obfuscated or malicious code, no suspicious network exfiltration, and no hardcoded secrets. The main security concerns are the usual risks of processing untrusted PDFs (potential parser vulnerabilities) and potential unsafe use of shell commands if user input is not sanitized in derived scripts — but those are not evidence of malicious intent in this file. Overall the content appears benign and appropriate for the stated purpose. LLM verification: The skill’s described capabilities are appropriate for PDF processing tasks. Primary security concerns are about supply-chain hygiene (unpinned OCR dependency and potential unvetted script installations). Mitigations: pin dependency versions, verify sources, and avoid auto-installation of third-party scripts in production. Overall assessment remains largely benign with important notes on dependency management to reduce risk.