The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it extracts text and structural data from external, untrusted PDF files. If a processed PDF contains malicious instructions, the agent might interpret them as authoritative guidelines during form analysis or data extraction.
Ingestion points: PDF content is ingested via pypdf, pdfplumber, and pdfjs-dist in SKILL.md, forms.md, and reference.md.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided scripts or prompts.
Capability inventory: The skill possesses the ability to create/modify files (PdfWriter) and execute shell commands (qpdf, magick, pdftotext).
Sanitization: There is no evidence of sanitization or validation of the extracted PDF text before it is presented to the agent for decision-making.
[COMMAND_EXECUTION]: The skill instructs the agent to execute several command-line utilities for PDF processing, including qpdf, pdftotext, pdfimages, pdftoppm, and the ImageMagick magick tool for cropping images.
[EXTERNAL_DOWNLOADS]: The skill relies on and references several well-known external libraries and tools. These include Python packages (pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pypdfium2, pandas), JavaScript libraries (pdf-lib, pdfjs-dist), and system utilities (poppler-utils, qpdf, pdftk).

pdf