Skills
skills/cristoslc/office-skills/office-pdf/Gen Agent Trust Hub

office-pdf

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several well-known command-line utilities for PDF processing tasks.
  • Evidence: SKILL.md and REFERENCE.md demonstrate the use of pdftoppm, pdftotext, qpdf, and pdftk for merging, splitting, and converting documents.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references and utilizes a variety of trusted third-party libraries.
  • Evidence: Libraries include pypdf, pdfplumber, reportlab, pypdfium2 for Python, and pdf-lib, pdfjs-dist for JavaScript. All are widely recognized, standard tools within the PDF ecosystem.
  • [PROMPT_INJECTION]: The skill extracts text from external PDF files, creating a surface for indirect prompt injection.
  • Ingestion points: PDF content processed in SKILL.md (e.g., via PdfReader.pages.extract_text() or pdfplumber.open("document.pdf")).
  • Boundary markers: Absent; instructions do not explicitly wrap extracted content in delimiters.
  • Capability inventory: Shell command execution via qpdf and pdftoppm, and file system write access in outputs/ directory.
  • Sanitization: Absent; the skill extracts and processes raw text from document streams. The risk is mitigated by mandatory visual verification steps requiring the agent to inspect rendered images of the output document.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 09:36 PM