pdf-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted PDF files and outputs the extracted text to the agent, creating a surface for indirect prompt injection attacks.
  • Ingestion points: The scripts/pdf-extract.js file reads document content using fs.readFileSync based on the --file argument.
  • Boundary markers: The script outputs raw extracted text directly to stdout without using delimiters or protective headers to signal the boundary between data and instructions.
  • Capability inventory: The script is limited to file system read access and basic regex parsing; it lacks subprocess execution, network access, or dynamic code evaluation capabilities.
  • Sanitization: The tool implements basic character filtering (match[1].replace(/[^\x20-\x7E\n\r\t]/g, '')) to remove non-readable bytes, but it does not perform any semantic analysis or instruction filtering on the content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:11 AM