SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

pdf

Use this skill whenever the user wants to do anything with PDF files. This includes reading or extracting text/tables from PDFs, combining or merging multiple PDFs into one, splitting PDFs apart, rotating pages, adding watermarks, creating new PDFs, filling PDF forms, encrypting/

Overall
68
Trust
57
Utility
70
Momentum
88

Install caution

High-risk behavior present

Risk: High

Source: Anthropic Skills

Path: skills/pdf/SKILL.md

Review flags: filesystem/home-directory access, package installation commands, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands
  • Filesystem/home access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

package_installmedium

Mentions package installation or dependency-fetching commands.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -35 from 3 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 0.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent repo update within 11 days.
  • Recent commit volume: 5 commit(s) in the lookback window (+15).
  • Source has strong public adoption: 153438 stars.
  • Fork activity suggests reuse: 18085 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

None detected in SKILL.md text scan.

URLs

None detected in SKILL.md text scan.

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/anthropics/skills@main
path
skills/pdf/SKILL.md
source blob SHA
d3e046a5ae107a6cb23cfb16c219837094ab35d3
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

filesystem_write_or_home_access

…pages: writer.add_page(page) with open("merged.pdf", "wb") as output: writer.write(output) ``` #### Split PDF ```python reader = PdfReader("input.pdf") for i, page in enum…

package_install

…otated.pdf ``` ## Common Tasks ### Extract Text from Scanned PDFs ```python # Requires: pip install pytesseract pdf2image import pytesseract from pdf2image import convert_from_path # Conve…

shell_command

…eed to fill out a PDF form, read FORMS.md and follow its instructions. ## Quick Start ```python from pypdf import PdfReader, PdfWriter # Read a PDF reader = PdfReader("document.pdf") print(f"Pages: {len(reader.pages)}") # Extract text text = "" for page in re

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources