pdf

Security checks across malware telemetry and agentic risk

Overview

This PDF utility skill is coherent and locally scoped, with a caution to use password-removal examples only on PDFs the user is authorized to decrypt.

Install this if you need local PDF processing and form-filling help. Review generated PDFs before sharing them, avoid running it on untrusted PDFs in sensitive environments, and only use decryption or password-removal commands for documents you are authorized to access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The guide provides a direct command for PDF password removal without any authorization, ownership, or legal-use warning. In a general-purpose agent skill, this can normalize or facilitate bypass of document protections on files the user may not be entitled to decrypt, increasing misuse risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal