Pdf

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF-processing skill whose sensitive actions are mostly expected for its purpose, with some broad activation and authorization caveats users should notice.

Install only if you want a broad local PDF helper. Use it on documents you own or are authorized to process, review outputs before sharing them, avoid in-place overwrite commands unless you have backups, and provide passwords only for authorized decryption.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill demonstrates file read/write behavior throughout the guide but does not declare corresponding permissions. In an agent environment, undeclared file capabilities reduce transparency and can cause the skill to be invoked with broader filesystem effects than reviewers or runtime policy expect.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 80% confidence
Finding: The skill description presents broad PDF handling, but the static finding indicates additional form-analysis and coordinate-based filling behaviors not disclosed in the top-level description. Hidden or under-described capabilities are risky because they expand what the agent may do to sensitive documents, including extracting structured form metadata and modifying ostensibly non-fillable PDFs.

Vague Triggers

High

Confidence: 92% confidence
Finding: The activation rule is extremely broad: it triggers whenever the user mentions a PDF file or asks to produce one. Over-broad routing increases the chance the agent invokes this skill in unintended contexts, exposing local files to processing, transformation, OCR, metadata extraction, or decryption workflows without sufficiently specific user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The guide includes direct instructions for password removal/decryption using qpdf without any warning to verify authorization. In practice, this can normalize bypassing document protections and facilitate unauthorized access to sensitive PDFs if the agent applies the workflow to files the user is not permitted to decrypt.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal