pdf-processor

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses a sensitive local credential file at ~/.gooseworks/credentials.json to retrieve API keys. While this is used for the service's own authentication, reading credential files is a sensitive operation.
  • [COMMAND_EXECUTION]: Uses shell commands including curl for network requests and python3 -c for parsing local JSON files. These commands are used for setup and interacting with the backend APIs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external PDF URLs.
  • Ingestion points: Remote PDF URLs provided to the linkup, scrapegraph, and riveter API endpoints in SKILL.md.
  • Boundary markers: There are no markers or instructions used to delimit the external content from the agent's instructions.
  • Capability inventory: The skill utilizes shell execution for network operations (curl) and file system access (python3 reading credentials).
  • Sanitization: No sanitization or validation of the fetched PDF content is performed prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — pdf-processor