Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE: The skill consists entirely of instructional content and standard code examples for PDF manipulation.
- EXTERNAL_DOWNLOADS (INFO): The documentation references several well-known and trusted Python packages (
pypdf,pdfplumber,pandas,reportlab,pytesseract,pdf2image) and system utilities (poppler-utils,qpdf,pdftk). These are industry-standard tools and do not pose a risk in this context. - INDIRECT_PROMPT_INJECTION (LOW): The skill provides instructions for extracting text and metadata from PDF files. While processing untrusted PDFs is an inherent attack surface for AI agents, the code provided performs simple extraction without unsafe operations like
eval()orexec()on the extracted content. No specific vulnerabilities were identified in the provided implementation patterns.
Audit Metadata