Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill demonstrates high-quality engineering and security awareness, such as explicitly advising against hardcoding field names, using secure cloning methods for PDF mutation, and handling AES-encrypted government forms using standard decryption practices.
- [COMMAND_EXECUTION]: The script
scripts/verify_render.pyinvokes the external utilitypdftoppm(from poppler-utils) usingsubprocess.check_call. The implementation is secure as it uses a list-based argument format, avoiding shell injection risks. - [EXTERNAL_DOWNLOADS]: The skill relies on standard, well-known Python libraries (
pypdf,reportlab,pdfplumber,pycryptodome) and references the use of Playwright for high-fidelity rendering. These are legitimate tools for the skill's stated purpose of PDF processing. - [DATA_EXPOSURE]: The skill is designed to process potentially sensitive documents like legal and government forms. It operates locally on files provided by the user and does not exhibit any patterns of unauthorized data exfiltration or credential harvesting.
Audit Metadata