pdf-processing-openai

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute sudo apt-get install -y poppler-utils to install system-level dependencies. Acquiring root privileges allows for unrestricted access to the host system and is a significant security risk.
  • [PROMPT_INJECTION]: The metadata in SKILL.md identifies the author as "OpenAI", which contradicts the verified author "lawve-ai". This deceptive attribution is used to gain unearned trust and may cause users or automated systems to misjudge the safety of the skill.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to the following factors:
      • Ingestion points: The skill is explicitly designed to read and extract content from external, potentially untrusted PDF files (SKILL.md).
      • Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between data to be processed and instructions embedded within the PDF.
      • Capability inventory: The skill has the ability to execute shell commands (pdftoppm), install software, and write files to the disk (SKILL.md).
      • Sanitization: There is no evidence of sanitization or validation of the content extracted from PDFs before it is used by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs several third-party Python libraries including reportlab, pdfplumber, and pypdf from the standard Python Package Index. It also fetches the poppler utility using system package managers.
  • [COMMAND_EXECUTION]: The workflow involves executing the pdftoppm command-line utility to render PDF pages. This involves passing external file paths to a shell subprocess.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 16, 2026, 04:12 AM
Security Audit — agent-trust-hub — pdf-processing-openai