Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documentation and scripts for utilizing common command-line utilities such as
qpdf,pdftotext, andpdftkfor document manipulation and conversion. - [SAFE]: The script
scripts/fill_fillable_fields.pyapplies a monkeypatch to thepypdflibrary'sDictionaryObject.get_inheritedmethod. This modification is a specific workaround for a known issue inpypdfversion 5.7.0 regarding selection list formatting and is not indicative of malicious dynamic code execution. - [PROMPT_INJECTION]: The skill processes untrusted PDF documents, creating a surface for indirect prompt injection attacks.
- Ingestion points: Document data is ingested via
PdfReaderandpdfplumber.openin several scripts (e.g.,extract_form_field_info.py,fill_fillable_fields.py). - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when processing text extracted from PDFs.
- Capability inventory: The skill can write to the file system, create new documents, and execute command-line tools.
- Sanitization: No validation or sanitization of extracted strings is observed before the data is integrated into the agent's context.
Audit Metadata