pdf-read
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'pdf-parse' dependency from the NPM registry as part of its setup.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external document content.
- Ingestion points: PDF content is read from local files using 'fs.readFileSync' and parsed by the library.
- Boundary markers: Extracted text is returned directly to the agent's context without the use of delimiters or warnings to ignore instructions within the text.
- Capability inventory: The tool extracts and provides full text and metadata to the agent, potentially allowing embedded commands to influence subsequent agent actions.
- Sanitization: No sanitization or verification of the extracted text is performed to detect or neutralize malicious instructions.
- [DATA_EXFILTRATION]: The 'filePath' parameter in functions like 'readPDF' and 'readPDFPages' is not sanitized or restricted to specific directories. This creates a surface for reading arbitrary files, including sensitive configuration or credential files, if the file path provided is not strictly controlled.
Audit Metadata