Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute command-line utilities such as qpdf, pdftotext, and ImageMagick (magick or convert) for PDF transformations, text extraction, and image manipulation. Additionally, the script fill_fillable_fields.py performs runtime monkeypatching of the pypdf library to adjust handling of specific PDF form structures.
- [EXTERNAL_DOWNLOADS]: Documentation directs the installation of multiple third-party Python packages including pypdf, pdfplumber, reportlab, pdf2image, pytesseract, and pypdfium2. It also references external JavaScript libraries such as pdf-lib and pdfjs-dist for advanced browser-side or server-side tasks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from PDF files. Maliciously crafted content within a PDF could potentially influence the agent's behavior during data extraction or form-filling operations.
  - Ingestion points: Untrusted content is read from PDF files using pypdf and pdfplumber in scripts such as extract_form_field_info.py and extract_form_structure.py.
  - Boundary markers: No specific delimiters or safety instructions are implemented to isolate extracted PDF content from system instructions.
  - Capability inventory: The skill has access to file system operations and can execute shell commands via the agent.
  - Sanitization: Extracted text and metadata are processed without validation or sanitization before being used in subsequent agent actions.