Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions and metadata suggest standard use of reputable libraries (pypdf, pdfplumber, and reportlab) for legitimate PDF operations.
- [PROMPT_INJECTION]: The skill identifies PDF files as a primary input source for data extraction, which presents a surface for indirect prompt injection where malicious instructions could be embedded in the processed documents. Ingestion points: PDF documents processed via pdfplumber and pypdf (SKILL.md). Boundary markers: None found; the instructions do not suggest wrapping extracted content in delimiters. Capability inventory: Access to the exec tool is requested in _meta.json. Sanitization: No content validation or escaping of extracted text is described.
Audit Metadata