pdf

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted PDF data, which can contain malicious instructions to hijack the agent's logic.
      • Ingestion points: Uses pypdf, pdfplumber, and pytesseract to extract text from files and images.
      • Boundary markers: Absent; extracted text is not isolated from instructions.
      • Capability inventory: Has file write capabilities via pypdf and executes system commands through CLI tools like qpdf and pdftk.
      • Sanitization: No sanitization of extracted content is performed.
  • Dynamic Execution (MEDIUM): The script scripts/fill_fillable_fields.py monkeypatches the pypdf library at runtime to modify the behavior of DictionaryObject.get_inherited.
  • External Downloads (MEDIUM): SKILL.md recommends pip install for several unverified packages including pytesseract and pdf2image without version pinning or integrity checks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:35 PM