Skills
skills/firecrawl/openai-skills/pdf/Gen Agent Trust Hub

pdf

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use sudo for installing the poppler-utils package via the system package manager. Executing commands with sudo allows the agent to acquire administrative privileges on the host environment.
  • [COMMAND_EXECUTION]: The skill executes the pdftoppm shell command to render PDF pages into images for visual inspection. This involves executing external binaries with parameters derived from file paths.
  • [PROMPT_INJECTION]: The skill processes external PDF files, creating a surface for indirect prompt injection where malicious instructions embedded in the PDF could influence the agent's behavior during text extraction or visual review.
  • Ingestion points: Reads and processes external PDF files using tools like pdfplumber, pypdf, and pdftoppm (SKILL.md).
  • Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded commands when processing PDF content.
  • Capability inventory: The skill has the ability to execute shell commands (pdftoppm), write to the local file system (tmp/pdfs/, output/pdf/), and perform package installations.
  • Sanitization: Absent. No validation or sanitization is performed on the data extracted from the PDF files before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 03:02 PM
Security Audit — agent-trust-hub — pdf