The Agent Skills Directory

[COMMAND_EXECUTION]: The skill features an 'Execution Mode' (Mode 2) that generates temporary Dart scripts in the {skill-root}/flutter/pdf/scripts/ directory and executes them via dart run. This dynamic execution pattern is risky if user-controlled input (such as text content or filenames) is interpolated into the generated script without proper escaping or sanitization, as it could lead to arbitrary command injection.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data through its PDF text extraction feature (references/text-extraction.md). The skill lacks explicit boundary markers or instructions to ignore embedded commands within the extracted text, which could allow a maliciously crafted PDF to override the agent's behavior during processing.
Ingestion points: Text extraction from external files via PdfTextExtractor (references/text-extraction.md).
Boundary markers: Absent; the skill does not wrap extracted content in delimiters.
Capability inventory: File system access (read/write), network access (TSA server), and command execution via dart run (SKILL.md).
Sanitization: Absent; extracted text is returned as a raw string.
[CREDENTIALS_UNSAFE]: The documentation snippets in references/digital-signature.md contain hardcoded placeholder passwords such as "password123" and "123456". While these are generic examples, they represent a risk if users copy the code verbatim into production environments without implementing secure secret management.
[EXTERNAL_DOWNLOADS]: The skill references several external resources, including the syncfusion_flutter_pdf package and the certum.pl Time Stamp Authority. These are recognized as well-known, legitimate services related to the skill's primary function and do not pose a direct security threat.

syncfusion-flutter-pdf