Skills
skills/memtensor/skills-vote/pdf/Gen Agent Trust Hub

pdf

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it extracts and processes text from untrusted external PDF files.
  • Ingestion points: PDF content is read via pypdf, pdfplumber, and pypdfium2 as described in SKILL.md and implemented in scripts/extract_form_field_info.py and scripts/extract_form_structure.py.
  • Boundary markers: Absent. There are no instructions for the agent to use delimiters or to treat the extracted text as untrusted data.
  • Capability inventory: The agent is instructed to execute shell commands (qpdf, pdftotext, pdftk, magick) and has file system access to read and write multiple file types.
  • Sanitization: Absent. Extracted text is not sanitized or escaped before being returned to the agent context.
  • [COMMAND_EXECUTION]: The skill requires the agent to run several external command-line utilities.
  • Evidence: SKILL.md and forms.md instruct the agent to use tools such as pdftotext, qpdf, pdftk, and ImageMagick (magick/convert) for PDF manipulation and image refinement.
  • [EXTERNAL_DOWNLOADS]: The skill depends on numerous third-party libraries for PDF and image processing.
  • Evidence: References to pypdf, pdfplumber, reportlab, pytesseract, pdf2image, pypdfium2, pillow, pandas, pdf-lib, and pdfjs-dist are present across the scripts and documentation. These are well-known libraries from established maintainers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:22 AM