anthropic-pdf
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions in forms.md use forceful markers ("CRITICAL: You MUST...") to dictate the agent's workflow, which matches patterns used for instruction overrides.
- [COMMAND_EXECUTION]: Core functionality is implemented through local Python scripts and CLI tools (e.g., qpdf, pdftk) which are executed to manipulate documents.
- [DATA_EXFILTRATION]: (Indirect Prompt Injection Surface) The skill extracts and processes text from untrusted PDF documents. Malicious documents could contain instructions aimed at influencing the agent's behavior.
  - Ingestion points: PDF documents processed via scripts/*.py and forms.md instructions.
  - Boundary markers: None explicitly enforced to distinguish data from instructions.
  - Capability inventory: File reading/writing, shell command execution via local scripts.
  - Sanitization: No specific sanitization of extracted PDF text is performed.
Audit Metadata