Chat with PDF
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are focused exclusively on document interaction and do not attempt to override system prompts or safety guardrails.
- [SAFE]: No sensitive file paths (e.g., .ssh, .env) or hardcoded credentials were found in the skill content.
- [SAFE]: The skill uses a defined MCP server ('office-mcp') to perform its tasks, which is a standard method for extending agent functionality without resorting to arbitrary command execution.
- [SAFE]: No obfuscation techniques, such as Base64 encoding of commands or hidden Unicode characters, were detected.
- [PROMPT_INJECTION]: The skill processes untrusted PDF data, which is an inherent surface for indirect prompt injection.
  - Ingestion points: Document content is ingested via the 'extract_text_from_pdf' tool defined in SKILL.md.
  - Boundary markers: Absent; the skill does not instruct the agent to use specific delimiters to separate PDF content from instructions.
  - Capability inventory: The available tools are limited to text extraction ('extract_text_from_pdf') and metadata retrieval ('get_pdf_metadata'). There are no high-risk capabilities such as network access or shell execution.
  - Sanitization: No content validation or sanitization of the extracted text is described.