Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script
scripts/fill_fillable_fields.pyimplements a runtime monkeypatch of thepypdf.generic.DictionaryObject.get_inheritedmethod. This is used to correctly process specific PDF form field attributes during the filling operation. While legitimate for the skill's functionality, it involves dynamic modification of library behavior at execution time. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data in the form of PDF files.
- Ingestion points: PDF content is extracted using
pypdf,pdfplumber,pdftotext, andpytesseractacross various scripts and instructions. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat extracted PDF text as potentially untrusted or to ignore embedded instructions.
- Capability inventory: The skill possesses significant capabilities, including file system access (read/write) and execution of shell commands (
qpdf,pdftotext,magick). - Sanitization: No sanitization or filtering of the extracted PDF text is performed before it is integrated into the agent's context.
Audit Metadata