Security risk report for @forgecat/anthropics_skills_pdf v0.0.4
Source Integrity
Low
Profile declares origin as Anthropic's official skills repository (GitHub: anthropics/skills) with commit hash and license reference.
Content is legitimate PDF processing documentation with standard Python/JavaScript libraries (pypdf, pdfplumber, reportlab, pdf-lib, pdfjs-dist) and well-known CLI tools (poppler-utils, qpdf, pdftk).
Agent Intent
Low
Content is purely educational documentation of PDF processing techniques using legitimate, widely-used libraries.
No instructions to ignore system prompts, read credentials, exfiltrate data, or execute remote payloads.
No guidance poisoning: recommended packages (pypdf, pdfplumber, reportlab, pdf-lib) are authentic, unmodified, and standard in the PDF processing ecosystem.
Details
Evidence
All code examples use official library APIs (e.g., `from pypdf import PdfReader`, `import pdfplumber`, `from reportlab.pdfgen import canvas`).
References to external scripts (e.g., `python scripts/check_fillable_fields`) are local helper tools, not remote payloads.
No instructions to disable security features, weaken TLS, or log sensitive data.
Permissions
Low
Skill description matches actual functionality: PDF reading, extraction, merging, splitting, form filling, encryption/decryption, OCR.
No tool definitions or hooks declared; profile is documentation-only with no executable permissions requested.
Recommended operations (file read/write for PDFs, local script execution) are proportional to stated PDF processing purpose.
Details
Evidence
Skill name and description consistently describe PDF operations across README, SKILL.md, forms.md, and reference.md.
No shell, file_delete, or unrestricted file_write permissions declared or implied.
Scripts referenced (check_fillable_fields, extract_form_field_info.py, fill_fillable_fields.py) are local utilities for PDF form analysis, not system-level tools.
MCP Risk
Low
No MCP servers defined in the profile.
No hidden instructions in tool descriptions or arbitrary binary execution.
Profile is static documentation with no dynamic server configuration.
Details
Evidence
MCP servers section is empty (none declared).
All code examples are library calls and CLI tool invocations, not MCP server definitions.