Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill uses a localized monkeypatch in
scripts/fill_fillable_fields.pyto correct a specific bug in thepypdflibrary related to selection list fields. This is a functional workaround and does not introduce security vulnerabilities. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted PDF documents provided by users.
- Ingestion points: Document content is read by
pypdfandpdfplumberacross multiple scripts, includingscripts/extract_form_field_info.py. - Boundary markers: None identified. Extracted content is not isolated from system instructions using delimiters.
- Capability inventory: The skill includes tools for file system interaction and PDF modification.
- Sanitization: No automated sanitization of extracted document text is performed.
- [COMMAND_EXECUTION]: The skill relies on the agent executing shell commands with arguments (filenames) which may be derived from external input.
- Evidence: Scripts like
scripts/check_fillable_fields.pyare called with file path arguments as described informs.md.
Audit Metadata