Trust Assessment
pdf received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Skill provides patterns for shell command execution, Skill demonstrates extensive local file system read/write operations, Skill demonstrates PDF password protection functionality.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill provides patterns for shell command execution The skill guide explicitly demonstrates the use of various command-line tools (`pdftotext`, `qpdf`, `pdftk`, `pdfimages`) with full shell command syntax. If the AI agent is instructed to perform tasks described in this skill and constructs these commands using untrusted user input (e.g., filenames), it could lead to command injection, allowing arbitrary shell commands to be executed. This pattern teaches the agent how to perform shell execution, which is a high-risk capability. Implement strict input validation and sanitization for any arguments passed to shell commands. Consider using safer alternatives like Python libraries where possible, or ensure commands are executed in a highly restricted environment (e.g., containerized with minimal permissions). If shell execution is necessary, use a library that properly escapes arguments (e.g., `subprocess.run` with `shell=False` and passing arguments as a list). | LLM | SKILL.md:109 | |
| MEDIUM | Skill demonstrates extensive local file system read/write operations The skill provides numerous Python code examples that read from and write to the local file system (e.g., `PdfReader`, `PdfWriter`, `pdfplumber.open`, `pd.DataFrame.to_excel`, `canvas.Canvas`, `SimpleDocTemplate`, `convert_from_path`). If the AI agent is granted broad file system access and is instructed to process arbitrary user-provided files, it could lead to data exfiltration (reading sensitive files) or unauthorized file modification/deletion (writing to critical locations). Restrict the AI agent's file system access to only necessary directories and file types. Implement strict validation on all file paths provided by users to prevent directory traversal or access to unauthorized locations. Ensure that any data extracted from user-provided PDFs is handled securely and not exfiltrated. | LLM | SKILL.md:20 | |
| LOW | Skill demonstrates PDF password protection functionality The skill includes an example of applying password protection to a PDF using `pypdf.PdfWriter.encrypt()`. While the example uses hardcoded passwords, it teaches the agent how to handle passwords for PDF operations. If the agent is later instructed to use user-provided passwords for encryption or decryption, and if these passwords are not handled securely (e.g., logged, transmitted insecurely), it could lead to credential harvesting. Ensure that any user-provided credentials (like PDF passwords) are treated as sensitive data. Avoid logging them, and ensure they are transmitted and stored securely, adhering to best practices for credential management. | LLM | SKILL.md:190 |
Scan History
Embed Code
[](https://skillshield.io/report/714d2684844e0948)
Powered by SkillShield