pdf-toc-bookmarks
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions designed to bypass safety filters or override agent behavior were detected. Instructions are focused on the task of PDF manipulation.\n- [Data Exposure & Exfiltration] (SAFE): The skill operates on local PDF and image files within the user-specified paths. No network calls or access to sensitive system directories (like .ssh or .aws) were found.\n- [Obfuscation] (SAFE): No evidence of Base64, zero-width characters, or other obfuscation techniques was found in the scripts or documentation.\n- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses the 'pymupdf' library (imported as 'fitz'), which is a standard and reputable package for PDF processing. No remote scripts are downloaded or executed.\n- [Indirect Prompt Injection] (SAFE): While the skill processes user-provided PDF files, the risk of malicious instructions within the PDF influencing the agent is negligible due to the restricted nature of the tools provided.\n
- Ingestion points: PDF files via 'pdf_path' in 'extract_toc_images.py' and 'add_bookmarks.py'.\n
- Boundary markers: None.\n
- Capability inventory: File system read (PDF), file system write (PNG images, modified PDF).\n
- Sanitization: None.
Audit Metadata