anthropics-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted PDF files, creating a vulnerability surface for indirect prompt injection where malicious instructions could be embedded in the document content.
- Ingestion points: PDF files are ingested through multiple scripts including scripts/extract_form_structure.py, scripts/extract_form_field_info.py, and scripts/convert_pdf_to_images.py.
- Boundary markers: No specific delimiters or "ignore instructions" markers are used when extracting or processing text from these documents.
- Capability inventory: The skill has capabilities to write files to the system and execute command-line utilities such as qpdf and poppler-utils.
- Sanitization: No explicit sanitization, filtering, or validation of the extracted PDF text is performed prior to its use in the agent's workflow.
- [COMMAND_EXECUTION]: The skill provides instructions and examples for executing standard system binaries including qpdf, pdftotext, pdfimages, and ImageMagick (magick/convert) to perform PDF and image manipulations.
Audit Metadata