Back to skill

Security audit

Invoice Pdf Merge

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as a layout-only PDF merger, but it ships undisclosed scripts that extract invoice and travel details into Markdown, JSON, and Excel files.

Install only if you are comfortable with a package that contains local OCR, parsing, and reimbursement-report scripts beyond the advertised PDF merge function. Treat invoices and itineraries as sensitive data, review which script is being run, and avoid using the extraction scripts unless you intentionally want local Markdown, JSON, or Excel outputs created from those documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script explicitly performs multi-level OCR/text extraction and states that its Markdown output is intended for upstream parsing, which materially exceeds the declared skill purpose of being a 'pure layout tool' with 'no data extraction'. Because invoices and itineraries contain sensitive personal and financial data, this creates a hidden data-processing capability that could expose, retain, or propagate information users did not expect to be extracted.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The docstring says the output is 'MinerU-compatible' and intended for upstream workflow parsing, which signals deliberate preparation of extracted document contents for downstream processing. In the context of a tool advertised as not performing data extraction, this contradiction is dangerous because it conceals a sensitive-content extraction pipeline behind an innocuous PDF merge description.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script explicitly advertises and implements structured extraction of invoice, itinerary, and train-ticket fields into JSON, which contradicts the skill description claiming it is a pure layout tool with no data extraction. This creates a trust and data-handling mismatch: users may provide sensitive financial/travel documents under the assumption they are only being reformatted, while the code parses and structures personal and billing data that could be retained, repurposed, or forwarded elsewhere in the larger skill workflow.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The code performs full document classification and detailed extraction across multiple document types, including invoice numbers, dates, seller names, trip origins/destinations, train numbers, and prices. In the context of a skill presented as PDF merge/layout tooling, this is dangerous because it expands access to sensitive personal and financial data beyond the stated purpose, enabling covert profiling or secondary use without informed user expectation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.