Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates within a shell sandbox, providing a necessary layer of isolation between the PDF processing tasks and the host system.
- [SAFE]: The instructions incorporate explicit security constraints, specifically directing the agent to avoid network connectivity and prohibiting the use of pip to install additional packages.
- [PROMPT_INJECTION]: The skill's core functionality involves processing untrusted content from external PDF files, which constitutes a potential vector for indirect prompt injection attacks.
- Ingestion points: The skill reads text, tables, and metadata from user-provided PDF files using libraries like pdfplumber, pypdf, and PyMuPDF.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the PDF content are present in the provided documentation.
- Capability inventory: The agent is instructed to execute Python code and interact with the shell sandbox to perform file operations.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the data extracted from the PDFs before it is processed by the agent.
Audit Metadata