pdf-organizer
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/pdf_organizer.pyexecutes the external system utilityocrmypdfusingsubprocess.runto perform PDF deskewing and rotation. The execution is handled safely by passing arguments as a list rather than a shell string, which prevents command injection from file paths or manifest data. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted text extracted from PDF documents to generate suggested filenames and categorize documents.
- Ingestion points: Text content is extracted from PDF pages in
scripts/pdf_organizer.pyusing thepypdflibrary for analysis. - Boundary markers: The
SKILL.mdfile and the manifest documentation establish a strict workflow where all generatedorganize_manifest.jsonfiles are considered drafts that must be reviewed and confirmed by the AI or a human user before the execution script is permitted to perform file operations. - Capability inventory: The skill has the capability to read and write PDF and JSON files within specified directories and to call the
ocrmypdfbinary if installed on the host system. - Sanitization: The script includes a
sanitize_filenamefunction that removes illegal characters (such as< > : " / \ | ? *) and normalizes whitespace, preventing directory traversal or the creation of malformed files based on untrusted PDF content.
Audit Metadata