pdf-processor
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses a sensitive local credential file at
~/.gooseworks/credentials.jsonto retrieve API keys. While this is used for the service's own authentication, reading credential files is a sensitive operation. - [COMMAND_EXECUTION]: Uses shell commands including
curlfor network requests andpython3 -cfor parsing local JSON files. These commands are used for setup and interacting with the backend APIs. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external PDF URLs.
- Ingestion points: Remote PDF URLs provided to the
linkup,scrapegraph, andriveterAPI endpoints inSKILL.md. - Boundary markers: There are no markers or instructions used to delimit the external content from the agent's instructions.
- Capability inventory: The skill utilizes shell execution for network operations (
curl) and file system access (python3reading credentials). - Sanitization: No sanitization or validation of the fetched PDF content is performed prior to processing.
Audit Metadata