pdf-to-image-preview
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Metadata Poisoning (MEDIUM): The file
references/usage-guide.mdis inconsistent with the actual implementation inscripts/convert_pdf_to_images.py. - Evidence: The guide references a script named
pdf_to_images.pyand a command-line flag--html-output, neither of which exist in the provided skill files. This misleading metadata can cause an agent to attempt to execute non-existent commands or assume capabilities (HTML generation) that the skill does not possess. - Indirect Prompt Injection (LOW): The skill ingests untrusted external content (PDF files) and possesses file-write capabilities.
- Ingestion points:
fitz.open(pdf_path)inscripts/convert_pdf_to_images.pyopens user-provided PDF files. - Boundary markers: None. The script does not use delimiters or instructions to ignore embedded content within the PDF structure.
- Capability inventory: The script uses
os.makedirsto create directories,pix.saveto write image files, andzipfile.ZipFileto write archive files to the local filesystem. - Sanitization: No sanitization or validation of the PDF content or the output directory path (beyond basic existence checks) is performed.
- Unverifiable Dependencies (LOW): The skill relies on an external library
pymupdf. - Evidence:
SKILL.mdandscripts/convert_pdf_to_images.pyrequirepymupdf>=1.23.0. While this is a common library, it is an external dependency that must be installed from a public registry.
Audit Metadata