vedic-reader

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python code snippet using the PyMuPDF library (imported as fitz) to extract text layers from PDF documents. This script is used as the primary method for data ingestion in the 'Channel A' workflow.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from PDFs, images, and user-pasted text and has file-write permissions.
      • Ingestion points: Processes external materials including PDF files, image screenshots, and raw text tables.
      • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested data.
      • Capability inventory: The skill uses write_to_file to create structured data and context files, and executes Python code for text extraction.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the content extracted from external materials before it is saved or used in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 06:50 AM
Security Audit — agent-trust-hub — vedic-reader