temp_pdf_skill11

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned PDF utility skill with one dual-use password-removal example that needs clearer authorization guidance.

Before installing, understand that the skill may help run local PDF repair or decryption commands. Use it only on documents you own or are authorized to process, and review any generated qpdf command before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guide explicitly documents PDF password removal/decryption with qpdf but provides no warning that this should only be done on documents the user is authorized to access. In an agent skill, this can normalize or facilitate bypassing document protections on sensitive files, increasing the chance of misuse or unsafe automation against protected PDFs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal