pdf-form-filler

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it uses a Vision Language Model (VLM) to analyze and interpret the content of untrusted, user-supplied PDF files. An attacker could craft a PDF containing instructions that attempt to manipulate the VLM's field discovery or verification logic.
  • Ingestion points: scripts/fill_pdf.py and scripts/fill_pdf_vlm.py ingest data from user-supplied PDF files via fitz.open().
  • Boundary markers: The prompts used for the VLM do not use clear delimiters to separate the instructions from the data extracted from the PDF image.
  • Capability inventory: The scripts have the capability to write to the local file system (doc.save) and make network requests to the Anthropic API.
  • Sanitization: There is no validation or sanitization of labels or text content extracted from the PDF before it is processed by the AI model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:10 PM