skills/yrzhe/telegram-claude-bot/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides scripts for form filling, coordinate validation, and PDF conversion, and its documentation guides the agent to use CLI tools such as qpdf, pdftotext, and poppler-utils. Specifically, scripts/fill_fillable_fields.py implements a runtime monkeypatch of the pypdf library to resolve a bug in handling selection lists.
  • [PROMPT_INJECTION]: The extraction of text and metadata from user-provided PDF files presents an indirect prompt injection surface.
      1. Ingestion points: scripts/extract_form_field_info.py and SKILL.md extraction examples.
      2. Boundary markers: None identified.
      3. Capability inventory: File writing via pypdf's PdfWriter and subprocess execution of local scripts defined in forms.md.
      4. Sanitization: No explicit sanitization of extracted PDF text or metadata is performed.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing well-known third-party Python packages and references established JavaScript libraries like pdf-lib and pdfjs-dist from public registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:46 PM