Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious activities such as data exfiltration, credential harvesting, or prompt injection were detected. The skill's functionality is consistent with its stated purpose of PDF document manipulation.
- [DYNAMIC_EXECUTION]: The script `scripts/fill_fillable_fields.py` performs a localized monkeypatch of the `pypdf` library to resolve a known formatting issue with selection list fields. This modification is hardcoded and used solely for functional correctness during the form-filling process.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external PDF files, creating a standard attack surface for indirect prompt injection. The skill mitigates this through structured instructions that require the agent to perform validation and human review before completing document transformations.
- Ingestion points: PDF documents are analyzed by `scripts/extract_form_field_info.py` and `scripts/check_fillable_fields.py` to extract structure and metadata.
- Boundary markers: The `forms.md` file provides a strict, sequential workflow (e.g., 'CRITICAL: You MUST complete these steps in order') to ensure the agent processes data predictably.
- Capability inventory: The skill includes several Python scripts that read and write PDF, JSON, and PNG files to the local filesystem.
- Sanitization: `scripts/fill_fillable_fields.py` performs validation of field IDs and data types against the source PDF's extracted field information before writing data.
Audit Metadata