Security audit

Pdf Filler

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PDF form-filling skill, with privacy cautions because completed forms may contain sensitive information and are returned automatically.

Install only if you trust the external oc-pdf-filler package and optional PDF backends. Use it with PDFs you are comfortable having the agent process, review inferred or defaulted field values before relying on the result, and remember that the finished PDF may be sent back through the current chat or workspace attachment channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
Procedure:

1. Read `output_path` from the fill summary. It is guaranteed to be inside the workspace, so the host can attach it.
2. Use whatever attachment / file-return mechanism the host provides — Telegram bot `sendDocument`, Slack `files.upload`, the agent runtime's own `attach_file` / `send_file` tool, or simply emit it as a workspace artifact. Do not ask the user "do you want me to send it?"; just send it.
3. In the same turn, briefly confirm what was sent (filename + filled-field count). The user shouldn't have to ask twice.
4. If you genuinely cannot find an attachment channel, surface the workspace-relative path so the user can fetch it manually — but treat that as a last resort.
Confidence: 94%
Finding: Do not ask the user

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.