skills/wordflowlab/agentsdk/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection risk detected based on the following evidence chain:
      1. Ingestion points: pdf_to_markdown.py and extract_form_field_info.py are designed to read and process untrusted external PDF files.
      2. Boundary markers: No delimiters or protective instructions are used when passing extracted PDF text to the agent.
      3. Capability inventory: The skill is configured in SKILL.md with access to Bash, Read, and Write tools.
      4. Sanitization: No validation or sanitization is performed on the extracted content.
    This allows a maliciously crafted PDF to potentially influence the agent's behavior or use its tools.
  • [COMMAND_EXECUTION]: The skill uses dynamic execution patterns for utility and bug-fixing purposes. check_dependencies.py employs __import__ to verify the presence of required modules. fill_fillable_fields.py uses monkeypatching to override the DictionaryObject.get_inherited method in the pypdf library to resolve an upstream bug. These are local operations intended for environment validation and compatibility.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:23 AM