PDF Parse

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PDF parsing API skill, but users should understand that selected PDFs or PDF URLs are sent to pdfapihub.com.

Install only if you are comfortable sending the PDFs or PDF URLs you choose to pdfapihub.com for parsing. Avoid confidential or regulated documents unless your organization approves that provider, and handle the CLIENT-API-KEY as a sensitive credential.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill directs users to send PDF content and an API credential to an external third-party service but does not clearly warn about that data transfer or its privacy implications. This is dangerous because users may upload sensitive PDFs (contracts, resumes, invoices, forms) without informed consent, exposing confidential data to an outside processor.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal