drawing-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of bundled Python scripts (split_pdf.py and extract_vectors.py) to perform mechanical PDF processing tasks such as splitting, rendering, and vector data extraction.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the PyMuPDF library from the standard Python package registry as part of its setup process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document processing workflow.
  • Ingestion points: Text content extracted from user-uploaded PDFs is stored in .txt files (e.g., analysis/text/sheet_NNN.txt) which the agent is directed to read during analysis.
  • Boundary markers: The instructions lack explicit boundary markers or directives to treat extracted text as untrusted data rather than instructional content.
  • Capability inventory: The agent possesses the capability to execute shell commands and perform file operations in the local project environment.
  • Sanitization: No validation, sanitization, or filtering is applied to the text extracted from drawings before it is ingested by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 01:21 PM
Security Audit — agent-trust-hub — drawing-analyzer