
Security audit

HTML to PDF

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using a PDF API service; it carries the external document-processing risks that users should understand before using it.

Use this as reference material, not as trusted automation to run unattended. Do not send confidential PDFs, bank statements, internal URLs, customer data, signatures, or real passwords to PDF API Hub unless that external data flow is approved. Store the CLIENT-API-KEY outside code, review the service's retention/deletion terms, and require explicit confirmation before calling deleteFile or deleteTemplate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The examples show OCR/parse workflows for scanned bank statements and other documents by sending document URLs and contents to a third-party API, but they do not warn that potentially sensitive financial or personal data leaves the user's environment. In documentation for an agent skill, this omission can cause users to process regulated or confidential documents without understanding privacy, retention, or compliance implications.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding:
The download example writes returned PDF content directly to a local path without warning that it persists data to disk. While common, this can create unintended local storage of sensitive documents on shared machines, CI runners, or ephemeral hosts where file handling policies matter.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The endpoint reference instructs users to send a CLIENT-API-KEY and upload or reference documents to a third-party service, but it provides no caution about handling sensitive documents, credential storage, retention, or third-party data exposure. In a skill meant to automate document workflows, this omission can lead agents or users to transmit confidential files or secrets without informed consent or basic safeguards.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The file and template deletion endpoints describe destructive operations without any warning, confirmation guidance, or mention of irreversible data loss. In an agent skill context, this increases the chance of accidental or automated deletion of customer files/templates, especially if an agent executes actions directly from documentation without human confirmation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The examples repeatedly send document contents, source URLs, passwords, signatures, OCR inputs, and API credentials to a third-party remote service without any privacy, retention, or data-handling warning. Users may unknowingly transmit sensitive documents or secrets off-platform, increasing the risk of data exposure, compliance violations, or accidental credential leakage.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
watermarked_url = wm["pdf_url"]

# Step 3: Lock with password
locked = requests.post(
    f"{BASE_URL}/lockPdf",
    headers=HEADERS,
    json={
Confidence: 89%
Finding:
requests.post( f"{BASE_URL}/lockPdf", headers=HEADERS, json=

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.