skills/danielmiessler/lifeos/Pdf/Gen Agent Trust Hub

Pdf

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read a sensitive configuration file located at ~/.claude/PAI/SKILL.md before starting any task. This file is documented to contain private information including a contact list, personal preferences, and security rules.
  • [PROMPT_INJECTION]: The instruction to load external context from ~/.claude/PAI/SKILL.md attempts to configure the agent's behavior and security rules via an external file, which could be used to override default system instructions.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill extracts text and tables from user-provided PDF files and processes them without sanitization or boundary markers.
  • Ingestion points: PDF files are read and processed for text and image data in SKILL.md, forms.md, and through scripts like extract_form_field_info.py.
  • Boundary markers: Absent. The skill provides no instructions to the agent to ignore or delimit potentially malicious instructions embedded in the processed PDF content.
  • Capability inventory: The skill can create and write files, manipulate PDF structure, and execute CLI tools via subprocesses in several scripts (e.g., Scripts/fill_fillable_fields.py).
  • Sanitization: Absent. Data extracted from untrusted PDF files is interpolated directly into the agent's context.
  • [COMMAND_EXECUTION]: The script Scripts/fill_fillable_fields.py performs a runtime monkeypatch of the pypdf.generic.DictionaryObject.get_inherited method. This dynamic modification of library behavior at runtime introduces risks to execution integrity. Additionally, the skill frequently executes external CLI tools such as qpdf and pdftotext to process files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — Pdf