Security Audit
lawvable/awesome-legal-skills:skills/pdf-processing-openai
github.com/lawvable/awesome-legal-skills
Trust Assessment
lawvable/awesome-legal-skills:skills/pdf-processing-openai received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via External Tool Execution, Unpinned Python Dependencies, Recommendation for Elevated Privileges (sudo).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 26, 2026 (commit 4d82d4cf). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via External Tool Execution.** The skill suggests executing `pdftoppm` with `$INPUT_PDF` and `$OUTPUT_PREFIX` as arguments. If these variables are populated directly from untrusted user input without proper sanitization or escaping, an attacker could inject arbitrary shell commands. For example, if `$INPUT_PDF` contains shell metacharacters, it could lead to arbitrary code execution on the host system. Ensure that any variables passed to external commands like `pdftoppm` are strictly validated and properly sanitized or shell-escaped before execution. Prefer using libraries that safely execute external processes (e.g., Python's `subprocess` module with `shell=False` and a list of arguments) rather than direct shell interpolation. | LLM | SKILL.md:49 |
| MEDIUM | **Unpinned Python Dependencies.** The skill specifies Python package dependencies (`reportlab`, `pdfplumber`, `pypdf`) without pinning them to specific versions. This introduces a supply chain risk, as future installations could pull in newer versions that might contain breaking changes, introduce new vulnerabilities, or even malicious code if a package maintainer's account is compromised. This lack of pinning can lead to non-deterministic builds and potential security regressions. Pin all Python dependencies to specific, known-good versions (e.g., `reportlab==X.Y.Z`). Regularly review and update these pinned versions to incorporate security patches while maintaining control over the dependency tree. Consider using a `requirements.txt` or `pyproject.toml` with locked dependencies. | LLM | SKILL.md:34 |
| INFO | **Recommendation for Elevated Privileges (sudo).** The skill instructs the user to install system dependencies using `sudo apt-get install -y poppler-utils`. While this is for setup, it requires the user to grant elevated privileges. This highlights that the skill's operational environment might involve or recommend actions that require root access, which could be a concern if the skill were to later attempt to leverage such privileges for unintended actions. It's important for users to be aware of the scope of permissions requested. Clarify that `sudo` is only required for initial system-level dependency installation and not for the skill's runtime operations. Advise users to install system dependencies in a sandboxed environment or with minimal necessary privileges. Ensure the skill itself does not attempt to escalate privileges during normal execution. | LLM | SKILL.md:43 |