Skills
skills/wenjunduan/rlues/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external PDF files, creating a vulnerability to indirect prompt injection.\n
  • Ingestion points: Untrusted content is read using pypdf, pdfplumber, and pypdfium2 as described in SKILL.md, and through the analysis of images converted from PDFs in forms.md.\n
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided to the agent.\n
  • Capability inventory: The skill can write files, execute the included Python scripts, and run system CLI tools like qpdf and pdftotext.\n
  • Sanitization: The skill lacks sanitization of extracted text before it is provided to the agent's context.\n- [COMMAND_EXECUTION]: The instructions in SKILL.md, forms.md, and reference.md guide the agent to use various command-line utilities, including pdftotext, qpdf, pdftk, pdftoppm, pdfimages, and ImageMagick's magick command.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 05:29 PM