skills/andreacovelli/my-skills/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the handling of untrusted PDF content.
      • Ingestion points: Text and table data are extracted from PDF files using pdftotext, pdfplumber, and pypdf, as seen in SKILL.md and scripts/pdf_extract.py.
      • Boundary markers: The provided instructions do not include delimiters or warnings to the agent to treat extracted text as untrusted data, which could allow malicious instructions embedded in a PDF to influence agent behavior.
      • Capability inventory: The skill has capabilities for file system modification (scripts/pdf_pages.py) and command execution through subprocesses (scripts/pdf_ocr.py).
      • Sanitization: There is no evidence of sanitization or filtering of the extracted PDF text before it is placed into the agent's processing context.
  • [COMMAND_EXECUTION]: The skill uses subprocess calls to execute standard PDF utilities.
      • Evidence: scripts/pdf_ocr.py executes ocrmypdf, and scripts/pdf_flatten.py executes qpdf or pdftocairo.
      • Context: These executions use argument lists rather than shell strings, preventing typical shell injection. The tools invoked are standard, legitimate PDF processing utilities.
  • [EXTERNAL_DOWNLOADS]: The skill depends on several external libraries and tools.
      • Evidence: Documentation suggests the installation of pypdf, pdfplumber, reportlab, ocrmypdf, and qpdf.
      • Context: These are well-known, established software packages and utilities appropriate for the skill's stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 12:45 PM