pdf-reader
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (
extract_pdf_text.py) using theuvtool to extract text from user-provided PDF files. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted PDF content.
- Ingestion points: Content is read from external PDF files via the
input_pdfpath inextract_pdf_text.py. - Boundary markers: The script adds structural markers (e.g.,
## Page N) but lacks explicit instructions or delimiters to warn the agent against following instructions embedded within the extracted text. - Capability inventory: The skill performs file read and write operations within the workspace; the extracted Markdown is intended for subsequent analysis by the agent.
- Sanitization: Extracted text is normalized for formatting but not sanitized or filtered for potential malicious instructions.
Audit Metadata