skills/weihuizhong/skills/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files to extract text and structure, creating a surface for indirect prompt injection.
      • Ingestion points: Found in SKILL.md, forms.md, and scripts like extract_form_structure.py which use pypdf and pdfplumber to read content from external files.
      • Boundary markers: The instructions do not define clear boundaries or 'ignore' instructions for data extracted from PDFs before it is returned to the agent context.
      • Capability inventory: The agent can write files, convert images, and execute shell commands (qpdf, magick, etc.) based on the processed data.
      • Sanitization: No evidence of sanitization or escaping of extracted text is present in the provided scripts or instructions.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md and forms.md frequently direct the agent to execute external command-line utilities.
      • Evidence: Commands include pdftotext, qpdf, pdftk, and magick (ImageMagick) for PDF processing and image manipulation.
  • [DYNAMIC_EXECUTION]: The script scripts/fill_fillable_fields.py utilizes runtime modification of imported libraries.
      • Evidence: The function monkeypatch_pydpf_method redefines pypdf.generic.DictionaryObject.get_inherited at runtime to alter how PDF field attributes are retrieved.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:48 PM