pdf-toolkit

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill performs PDF processing by executing local shell scripts that wrap system binaries like Ghostscript, qpdf, and Poppler. All scripts use 'set -euo pipefail' and consistently quote variables (e.g., "$input", "$output") to prevent command injection via specially crafted filenames or user arguments.
  • [EXTERNAL_DOWNLOADS]: A dedicated installation script (scripts/install_deps.sh) is provided to help users set up required system tools using well-known package managers (Homebrew on macOS and APT on Debian/Ubuntu). The skill instructions explicitly direct the agent to only execute installation commands after receiving explicit user permission.
  • [PROMPT_INJECTION]: The skill includes utilities for extracting text and performing OCR on PDF files. These operations ingest data from external sources, which constitutes an indirect prompt injection surface. Because this risk is inherent to any tool processing untrusted documents and is mitigated by the agent's internal safety filters, it is noted but does not escalate the verdict.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 02:33 AM