literature-reader

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted content from PDF files and provides it to the agent for analysis.
      • Ingestion points: PDF content enters the agent's context through the platform's Read tool or the extract_pdf.py script (SKILL.md).
      • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore potentially malicious instructions within the extracted text.
      • Capability inventory: Across its instructions and scripts, the skill can read and write files and execute shell commands (SKILL.md, scripts/extract_pdf.py).
      • Sanitization: Absent. No filtering or escaping is performed on the text extracted from the PDFs.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the pdfplumber package, which is a well-known and legitimate library for PDF data extraction.
  • [COMMAND_EXECUTION]: The skill's instructions involve executing shell commands to manage dependencies (pip3 install) and run its own Python-based extraction utility (extract_pdf.py).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 04:00 AM