pdf

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides documentation and scripts for utilizing common command-line utilities such as qpdf, pdftotext, and pdftk for document manipulation and conversion.
  • [SAFE]: The script scripts/fill_fillable_fields.py applies a monkeypatch to the pypdf library's DictionaryObject.get_inherited method. This modification is a specific workaround for a known issue in pypdf version 5.7.0 regarding selection list formatting and is not indicative of malicious dynamic code execution.
  • [PROMPT_INJECTION]: The skill processes untrusted PDF documents, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Document data is ingested via PdfReader and pdfplumber.open in several scripts (e.g., extract_form_field_info.py, fill_fillable_fields.py).
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are used when processing text extracted from PDFs.
  • Capability inventory: The skill can write to the file system, create new documents, and execute command-line tools.
  • Sanitization: No validation or sanitization of extracted strings is observed before the data is integrated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — pdf