Back to skill

Security audit

X 92bilal26 Pdf

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF utility skill whose file access and output generation match its stated purpose, with some safety cautions users should apply around sensitive PDFs and password-protected documents.

Install only if you trust the publisher and need local PDF automation. Use explicit input and output paths, avoid overwriting originals, keep generated PDFs/JSON/images out of shared or version-controlled folders when they contain personal data, delete intermediates when done, and only decrypt or remove passwords from PDFs you are authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README describes the skill as applicable whenever the agent needs to fill forms or programmatically process, generate, or analyze PDFs at scale, which is broad enough to trigger on many ordinary PDF-related tasks. Overly general invocation criteria can cause unnecessary or premature skill activation, increasing exposure to any risky behavior or unintended file handling the skill may perform.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide includes explicit decryption/password-removal instructions for protected PDFs without any caution about authorization, legal constraints, or proper handling of sensitive documents. In an agent skill, that can normalize or enable misuse against access-controlled files, especially if an automated system follows examples without policy context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.