Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install Python dependencies (reportlab, pdfplumber, pypdf) and system packages (poppler-utils) from external repositories.
- [COMMAND_EXECUTION]: The skill utilizes shell commands, specifically `pdftoppm`, to render PDF files into images. Additionally, it directs the agent to use `sudo` for installing system tools on Linux-based environments, which involves privilege escalation.
- [PROMPT_INJECTION]: The skill processes external PDF files, which represents a surface for indirect prompt injection where malicious instructions hidden in the file content could attempt to influence the agent.
- Ingestion points: PDF files ingested for reading, review, and rendering as specified in SKILL.md.
- Boundary markers: Absent; no specific markers or instructions are provided to the agent to ignore instructions embedded within the processed PDF data.
- Capability inventory: The skill has the capability to execute shell commands (`pdftoppm`) and perform file system operations via Python libraries.
- Sanitization: Absent; there is no mention of sanitizing or validating the content of the PDF files before they are processed by tools or the LLM.
Audit Metadata