Back to skill

Security audit

pdf

Security checks across malware telemetry and agentic risk

Overview

This PDF skill matches its stated purpose, but generated form files and decrypted or repaired PDFs may contain sensitive data and should be handled carefully.

Install only if you want a local PDF-processing and form-filling workflow. Use it on PDFs you own or are authorized to process, keep generated JSON/PNG/PDF artifacts out of shared or synced locations when they contain private data, delete intermediate files when finished, and avoid in-place repair commands unless you have a backup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Low
Confidence
79% confidence
Finding
The guide includes a qpdf decryption example for removing a password from a PDF but provides no warning about legal, policy, or data-handling constraints for protected and sensitive documents. In an agent skill, this can normalize unsafe handling of confidential files and encourage use on documents the user is not authorized to decrypt, increasing risk of policy violations or data exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow instructs creation of JSON artifacts and filled PDFs that can contain highly sensitive personal data, but it provides no guidance about secure storage, redaction, cleanup, or overwrite risks. In an agent setting, this can lead to unintended persistence of PII in working directories, logs, or shared environments, increasing the chance of exposure beyond the immediate task.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The non-fillable workflow expands the exposure surface by generating page images, validation images, bounding-box metadata, and a filled PDF, all of which may embed or reveal sensitive form contents. Because the instructions mandate these artifacts without warning or data-handling precautions, an agent may leave behind multiple recoverable copies of private user information.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The reference includes explicit examples for decrypting PDFs and removing password protection, but it does not state that this should only be done with authorization. In an agent skill, omission of that boundary can normalize or enable misuse against protected documents, especially if the agent treats reference examples as approved workflows.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The troubleshooting guidance recommends `qpdf --replace-input` without warning that it overwrites the original file. In an agent-driven context, this can cause unintended destructive modification of user data, especially when operating on corrupted or irreplaceable PDFs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.