Back to skill

Security audit

use_pdf

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF utility skill whose risky examples are tied to PDF work, but users should be careful with decrypted files and in-place repair commands.

Install only if you want a broad local PDF-processing helper. Use it on PDFs you intend to process, keep backups before repair or overwrite-style operations, protect any extracted images, JSON, text, or decrypted PDFs, and install required PDF tools from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is very broad: 'whenever the user wants to do anything with PDF files' and 'If the user mentions a .pdf file or asks to produce one, use this skill.' That can cause over-invocation on loosely related requests, pulling the agent into file access or document-manipulation workflows the user did not clearly intend, which increases the chance of inappropriate processing of sensitive PDFs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide includes password-removal and decryption examples without guardrails about authorization, ownership, or legal/organizational policy. In an agent setting, this can normalize bypass-style handling of protected documents and lead to processing confidential files without verifying the user is permitted to decrypt them.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting example uses `qpdf --replace-input corrupted.pdf`, which performs an in-place modification of the original file without emphasizing the destructive nature of the operation. In an agent skill context, this is risky because an automated system may reproduce the command directly and irreversibly alter or further damage a user's only copy of a PDF.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.