ai-pdf

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided PDF content, including text, files, and URLs, to the vendor's infrastructure at https://ai-skills.ai. This is consistent with the skill's stated purpose of providing AI-powered document analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external PDF sources (files, text, or URLs) provided via the materialText, materialFile, and materialUrl parameters. This content is subsequently interpreted by the AI to generate summaries and recommendations, creating an attack surface where instructions embedded within the document could potentially override agent behavior.
  • Ingestion points: User-supplied PDF content through materialText, materialFile, and materialUrl defined in references/form-schema.json.
  • Boundary markers: None found in the provided files to separate untrusted data from system instructions.
  • Capability inventory: The skill's capabilities are focused on API interaction via scripts/run.py; no local subprocess execution or system file modifications were detected.
  • Sanitization: No evidence of input validation or sanitization of the PDF content prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-pdf