Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands such as
pdftoppmfor PDF rendering and various package managers (uv,pip,brew,apt-get) for environment setup. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external Python packages (
reportlab,pdfplumber,pypdf) and system-level utilities (poppler). While these are well-known tools, they involve downloading and executing code from external repositories. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary purpose is to process external PDF data which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: External PDF files read and rendered via
pdfplumber,pypdf, andpdftoppminSKILL.md. - Boundary markers: Absent; the skill lacks explicit instructions or delimiters to isolate content from the PDF from the agent's system instructions.
- Capability inventory: The agent has the ability to write to the file system (
output/pdf/), execute system commands (pdftoppm), and install new software packages. - Sanitization: No sanitization or validation of the PDF content is described.
Audit Metadata