read-bin-docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection through malicious PDF content. Ingestion points: scripts/extract_pdf_text.py accepts and processes untrusted PDF files via PdfReader. Boundary markers: Absent. The script extracts raw text and concatenates it without any delimiters or 'ignore instructions' warnings. Capability inventory: The script includes the ability to write extracted content to the local filesystem using the --output argument, which can be exploited if an injected instruction directs the agent to overwrite sensitive files. Sanitization: Absent. No filtering or validation is performed on the extracted text before it is returned to the agent or written to a file.
- Unverifiable Dependencies (LOW): Relies on the external pypdf library. While pypdf is a standard package, it is a third-party dependency that must be installed locally.
Recommendations
- AI detected serious security threats
Audit Metadata