Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is well-documented and provides legitimate utility for document management. The included Python scripts are focused on specific PDF processing tasks and do not exhibit suspicious behaviors such as network exfiltration or unauthorized file access.
- [PROMPT_INJECTION]: The skill functions by processing content from external PDF files, which creates an inherent surface for indirect prompt injection. This is a common risk for tools that read untrusted documents.
- Ingestion points: Data enters the agent's context through PDF parsing scripts like
extract_form_structure.pyand library calls inSKILL.md(e.g.,pypdf,pdfplumber). - Boundary markers: Content extracted from PDFs is not enclosed in specific delimiters to distinguish it from instructions.
- Capability inventory: The skill includes the ability to write to the filesystem and execute shell commands for PDF and image manipulation.
- Sanitization: There is no evidence of sanitization or filtering of text extracted from PDFs before it is processed.
- [COMMAND_EXECUTION]: The skill provides templates for using standard command-line utilities such as
qpdf,pdftotext, andmagick(ImageMagick). Additionally, thefill_fillable_fields.pyscript utilizes runtime monkeypatching of thepypdflibrary to correct specific issues with Choice field handling. - [EXTERNAL_DOWNLOADS]: The skill documentation references several well-known and reputable third-party libraries for PDF handling, including
pypdf,pdfplumber,reportlab,pypdfium2,pdf-lib, andpdfjs-dist.
Audit Metadata