pdf-organizer

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pdf_organizer.py executes the external system utility ocrmypdf using subprocess.run to perform PDF deskewing and rotation. The execution is handled safely by passing arguments as a list rather than a shell string, which prevents command injection from file paths or manifest data.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted text extracted from PDF documents to generate suggested filenames and categorize documents.
  • Ingestion points: Text content is extracted from PDF pages in scripts/pdf_organizer.py using the pypdf library for analysis.
  • Boundary markers: The SKILL.md file and the manifest documentation establish a strict workflow where all generated organize_manifest.json files are considered drafts that must be reviewed and confirmed by the AI or a human user before the execution script is permitted to perform file operations.
  • Capability inventory: The skill has the capability to read and write PDF and JSON files within specified directories and to call the ocrmypdf binary if installed on the host system.
  • Sanitization: The script includes a sanitize_filename function that removes illegal characters (such as < > : " / \ | ? *) and normalizes whitespace, preventing directory traversal or the creation of malformed files based on untrusted PDF content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 04:04 PM
Security Audit — agent-trust-hub — pdf-organizer