pdf

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill uses a localized monkeypatch in scripts/fill_fillable_fields.py to correct a specific bug in the pypdf library related to selection list fields. This is a functional workaround and does not introduce security vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted PDF documents provided by users.
  • Ingestion points: Document content is read by pypdf and pdfplumber across multiple scripts, including scripts/extract_form_field_info.py.
  • Boundary markers: None identified. Extracted content is not isolated from system instructions using delimiters.
  • Capability inventory: The skill includes tools for file system interaction and PDF modification.
  • Sanitization: No automated sanitization of extracted document text is performed.
  • [COMMAND_EXECUTION]: The skill relies on the agent executing shell commands with arguments (filenames) which may be derived from external input.
  • Evidence: Scripts like scripts/check_fillable_fields.py are called with file path arguments as described in forms.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:07 AM
Security Audit — agent-trust-hub — pdf