pdf-documents

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of AI models (approx. 1-2 GB) from HuggingFace, a well-known and trusted service, for local document layout and table analysis. This is a one-time operation during the first use of the reading tools.- [COMMAND_EXECUTION]: The provided setup_env.sh script automates environment configuration by creating a Python virtual environment and installing necessary libraries. This is a standard and safe practice for local tool development.- [REMOTE_CODE_EXECUTION]: Documentation and error logs within the skill suggest installing the uv tool via a piped shell command from astral.sh. While this pattern is often flagged, astral.sh is a well-known technology service, and the command is not executed automatically by the skill's primary scripts.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes content from untrusted PDF files (via read_pdf.py and inspect_pdf.py) which are then converted to text/markdown for agent consumption. There are currently no explicit boundary markers or sanitization steps to isolate document content from agent instructions, though capabilities are limited to local file operations and report generation. Ingestion points: read_pdf.py and inspect_pdf.py. Boundary markers: Absent. Capability inventory: File creation via write_pdf.py and image extraction. Sanitization: Absent.- [SAFE]: No malicious behaviors such as credential theft, data exfiltration to unknown domains, or persistence mechanisms were discovered. All document processing is handled locally.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 03:59 AM
Security Audit — agent-trust-hub — pdf-documents