Skills
skills/lanej/dotfiles/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it instructs the agent to extract and analyze content from user-provided PDF files.
  • Ingestion points: The agent uses tools like pypdf, pdfplumber, and pytesseract (OCR) to extract text and image data from external PDF files (as seen in scripts/extract_form_field_info.py and scripts/convert_pdf_to_images.py).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the skill's own instructions and instructions potentially embedded within the data of the processed PDFs.
  • Capability inventory: The skill allows for the execution of shell commands (qpdf, pdftotext) and local file system writes.
  • Sanitization: No sanitization or filtering is performed on the extracted text or OCR results before they are presented to the agent for analysis in forms.md and SKILL.md.
  • [COMMAND_EXECUTION]: The skill documentation and scripts facilitate the execution of several command-line utilities for PDF processing.
  • Evidence: SKILL.md and reference.md provide command-line examples for pdftotext, qpdf, pdftk, pdfimages, and pdftoppm to perform document transformations and data extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 07:26 PM
Security Audit — agent-trust-hub — pdf