Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard PDF utility commands such as qpdf, pdftotext, and pdftk. These are intended for document processing tasks like merging, splitting, and text extraction.
- [EXTERNAL_DOWNLOADS]: Instructions are provided for installing well-known Python packages (pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pypdfium2, and pandas) from standard registries. These are necessary dependencies for the skill's functionality.
- [DYNAMIC_EXECUTION]: The script
scripts/fill_fillable_fields.pyperforms a runtime monkeypatch of thepypdflibrary. This is a targeted fix for a known bug in selection list handling within that library and does not involve untrusted data in the execution path. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files to extract text and metadata. While this represents a potential surface for indirect prompt injection if the extracted content is treated as instructions by the agent, it is an inherent risk of document processing tools and is mitigated by standard LLM guardrails.
- Ingestion points: Reading PDF content using pypdf, pdfplumber, and pdftotext (various scripts).
- Boundary markers: None explicitly defined in the provided instruction templates.
- Capability inventory: File system write (Write), shell execution (Bash), and file read (Read).
- Sanitization: No explicit sanitization of extracted text is mentioned in the prompts.
Audit Metadata