skills/ericmjl/skills/pdf-form-filler/Gen Agent Trust Hub

pdf-form-filler

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the anthropic Python library to communicate with Anthropic's API services for image analysis and field detection tasks. This is a standard functional requirement for the VLM-guided filling mode.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted PDF files and user-provided field values, which are then interpolated into prompts for the Claude model.
      • Ingestion points: The skill reads local PDF files (converted to images) and accepts field values via command-line arguments.
      • Boundary markers: There are no explicit delimiters used to separate the PDF content from the core instructions in the prompt, nor are there warnings to ignore instructions within the PDF data.
      • Capability inventory: The skill has the capability to write to the local filesystem using the doc.save method in both fill_pdf.py and fill_pdf_vlm.py.
      • Sanitization: No sanitization or validation is performed on the text content within the PDF or the field values before they are sent to the API, allowing potential manipulation of the prompt logic.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 06:30 AM