Skills
skills/first-fluke/fullstack-starter/oma-pdf/Gen Agent Trust Hub

oma-pdf

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses uvx to execute document conversion and formatting tools including opendataloader-pdf, opendataloader-pdf-hybrid, and mdformat. (Evidence: SKILL.md, resources/execution-protocol.md)
  • [EXTERNAL_DOWNLOADS]: Fetches an installation script for the uv tool from https://astral.sh/uv/install.sh, which is the official distribution point for a well-known developer tool. (Evidence: resources/execution-protocol.md)
  • [REMOTE_CODE_EXECUTION]: Instructs the user to pipe a remote installation script into the shell (curl ... | sh) to install the uv package manager from a well-known service. (Evidence: resources/execution-protocol.md)
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted PDF data and converts it into text for the agent to process.
  • Ingestion points: Reads content from user-provided PDF files via document extraction tools (resources/execution-protocol.md).
  • Boundary markers: None identified; no delimiters or ignore-instructions are used to isolate converted content.
  • Capability inventory: Executes shell commands and interacts with the file system (SKILL.md).
  • Sanitization: No evidence of text validation or sanitization is present in the conversion protocol.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 09:41 AM
Security Audit — agent-trust-hub — oma-pdf