Pdf

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill explicitly instructs the agent to read a local PAI context file that contains contact lists, personal preferences, voice IDs and operating instructions unrelated to PDF processing, which is a hidden/deceptive instruction to access sensitive local data and alter behavior outside the skill's stated purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill tells the agent to load a local PAI context (which may contain API/voice IDs and other secrets) and includes examples that embed plaintext passwords on the command line or in code (e.g., qpdf --password=mypassword, writer.encrypt("userpassword","ownerpassword")), which means the agent may need to handle or reproduce secret values verbatim.

Issues (2)

E004
CRITICAL

Prompt injection detected in skill instructions.

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:34 PM
Issues
2
Security Audit — snyk — Pdf