Back to skill

Security audit

Pdf To Structured

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local PDF extraction helper that reads user-selected PDFs and writes structured output files.

Install only if you are comfortable letting the skill read the PDFs you choose and write extracted data to local files. Store outputs in approved locations, review them before sharing, and avoid using any cloud OCR option unless your document owner allows it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The markdown explicitly states that extracted content is saved to CSV, Excel, or JSON, and later examples write OCR/text outputs to disk. Because construction PDFs and OCR outputs may contain sensitive project or document data, the skill description should warn users that extracted content will be stored locally.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This section saves individual Excel files for each detected table and also creates a combined workbook, potentially exporting large amounts of content from many PDFs at once. While the code prints progress, the markdown does not warn users about the privacy and data-handling impact of bulk extraction and storage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.