
Security audit

Pdf Parser Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local PDF parsing skill with ordinary local file output, but users should keep its dependency and output paths scoped.

Before installing, verify the opendataloader-pdf package source and consider pinning a known-good version. Use the default output directory or another directory inside your workspace, especially for sensitive PDFs, and treat extracted PDF text as untrusted document content if feeding it into an agent or RAG system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The function validates the input path but passes `output_dir` directly to `opendataloader_pdf.convert` without constraining it to a safe workspace location. If an attacker controls this argument, they may cause files to be written outside the intended directory tree or overwrite arbitrary writable paths, depending on the library's behavior; the comment explicitly defers sanitization to the library, which is not a safe assumption.

VirusTotal

66/66 vendors flagged this skill as clean.
