Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PRIVILEGE_ESCALATION]: The skill provides instructions for the user to install system dependencies using `sudo apt-get install -y poppler-utils`. This is a standard procedure for acquiring the necessary tools for PDF rendering.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill depends on standard Python libraries (`reportlab`, `pdfplumber`, `pypdf`) for PDF manipulation. These are well-known and widely used packages in the PDF domain.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external PDF files, which introduces a surface for indirect prompt injection attacks.
  - Ingestion points: Reads text and renders images from PDF files provided at runtime.
  - Boundary markers: The instructions do not define specific markers or delimiters to isolate content extracted from PDFs from the agent's internal logic.
  - Capability inventory: The skill executes shell commands for rendering (`pdftoppm`) and uses specialized libraries for content extraction.
  - Sanitization: There is no mention of sanitizing or validating the structure or content of the PDF files before they are processed by the agent.
Audit Metadata