Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documentation for executing system commands using tools like qpdf, pdftk, and poppler-utils (pdftotext, pdfimages). These are standard utilities for PDF processing.
- [EXTERNAL_DOWNLOADS]: Instructions include installing well-known Python packages via pip, specifically pytesseract and pdf2image. These are standard dependencies for the described tasks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. * Ingestion points: Content is extracted from external PDF files via extraction tools like pdfplumber.extract_text() or pypdf.PdfReader.extract_text() in SKILL.md. * Boundary markers: No delimiters or instructions to ignore embedded commands are present. * Capability inventory: The skill enables file system access for reading and writing PDF, text, and Excel files. * Sanitization: No validation or sanitization of the extracted text is performed before it is presented to the agent context.
Audit Metadata