Skills
skills/vm0-ai/vm0-skills/pdfco/Gen Agent Trust Hub

pdfco

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl command to interact with the PDF.co REST API. These commands are used to upload files, trigger processing jobs, and retrieve results.
  • [DATA_EXFILTRATION]: This skill transmits data to external servers (api.pdf.co and Amazon S3 buckets used by the vendor). This data includes PDF file URLs, HTML content, and local file binaries. This is consistent with the skill's primary purpose of cloud-based PDF processing.
  • [CREDENTIALS_UNSAFE]: The skill requires a PDF.co API key, which it instructs the user to store in an environment variable (PDFCO_TOKEN). This is a standard and recommended practice for managing secrets in automation scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides the ability to extract text from untrusted PDF files using OCR. If the agent subsequently processes this extracted text as instructions, it could be vulnerable to indirect prompt injection.
  • Ingestion points: Text extracted from remote or local PDF files via the /pdf/convert/to/text endpoint.
  • Boundary markers: None identified in the provided instructions; extracted content is returned in the response body.
  • Capability inventory: Uses curl for network requests and file system access for reading/writing temporary request JSON files.
  • Sanitization: No specific sanitization or filtering of the extracted text is performed by the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM