Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external PDF files, extracting their text content for the agent to use. This creates an indirect prompt injection attack surface where a maliciously crafted PDF could contain instructions intended to override the agent's behavior. While the skill uses structured workflows to mitigate some risk, it lacks explicit instructions for the agent to sanitize or isolate extracted text from its core instructions.
- [COMMAND_EXECUTION]: The documentation guides the agent in using standard command-line utilities such as qpdf, pdftk, and pdftotext. These tools are used for routine document management tasks like merging, splitting, and OCR processing. The provided scripts also invoke these tools as part of the document processing pipeline.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and reputable software libraries, including pypdf, pdfplumber, reportlab, and pdf-lib. These are industry-standard tools for PDF processing and are referenced here for their legitimate functionality.
Audit Metadata